Saturday, July 21, 2007

Windows Account Cracking

Last week, someone had a problem logging into his Windows 2003 system, so he needed a Windows account cracking tool. So I am thinking of sharing some of my knowledge of Windows account cracking. Windows does not store the password itself; it stores password hashes in the SAM (Security Account Manager) database. Windows 2003 keeps two hashes for each local account: the legacy LM hash and the NT hash. For the LM hash the password is converted to uppercase, padded or truncated to 14 characters, split into two 7-character halves, and each half is hashed separately (each half is used as a DES key to encrypt a fixed constant). So only the first 14 characters of the password matter, and each half can be attacked on its own. The NT hash (an MD4 over the full Unicode password) is case-sensitive and is not split, but neither hash is salted, which is what makes the precomputation attacks described below possible.
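As an added example (not from the original post, and not code from any of the tools it mentions), here is the LM preprocessing just described, plus a small audit of a pwdump-style hash dump that uses the structure of the LM hash to tell short passwords from long ones. The two constants are the well-known LM hash of a blank 7-character half and NT hash of an empty password; the sample dump is constructed, with the Administrator line using the LM/NT pair widely published for the password "password" and the remaining hash values being placeholders.

```python
# Well-known constants (not constructed): the LM hash of a blank 7-character
# half, and the NT hash of an empty password.
EMPTY_LM_HALF = "aad3b435b51404ee"
EMPTY_LM_HASH = EMPTY_LM_HALF * 2
EMPTY_NT_HASH = "31d6cfe0d16ae931b73c59d7e0c089c0"

# Constructed sample in pwdump format (user:rid:lmhash:nthash:::).  The
# Administrator line is the LM/NT pair widely published for the password
# "password"; the other non-constant hash values are placeholders.
SAMPLE_PWDUMP = """\
Administrator:500:e52cac67419a9a224a3b108f3fa6cb6d:8846f7eaee8fb117ad06bdd830b7586c:::
Guest:501:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
backup:1001:0123456789abcdefaad3b435b51404ee:fedcba9876543210fedcba9876543210:::
svc_long:1002:aad3b435b51404eeaad3b435b51404ee:00112233445566778899aabbccddeeff:::
"""


def lm_halves(password: str):
    """LM preprocessing: uppercase, pad with NULs (or truncate) to 14 bytes,
    split into two 7-byte halves.  Each half is then used as a DES key to
    encrypt the constant "KGS!@#$%" (the DES step is omitted here).  A NUL
    half produces EMPTY_LM_HALF.  Assumes ASCII; real LM uses the OEM code page."""
    raw = password.upper().encode("ascii", "replace")[:14].ljust(14, b"\x00")
    return raw[:7], raw[7:]


def classify(lm_hash: str, nt_hash: str) -> str:
    """What the stored hashes reveal about the password before any cracking."""
    lm, nt = lm_hash.lower(), nt_hash.lower()
    if len(lm) != 32 or len(nt) != 32:
        raise ValueError("expected 32 hex characters for each hash")
    if nt == EMPTY_NT_HASH:
        return "blank"      # empty password
    if lm == EMPTY_LM_HASH:
        return "nt_only"    # no LM hash: password over 14 chars, or LM storage disabled
    if lm[16:] == EMPTY_LM_HALF:
        return "lm_short"   # second half is the blank constant: password is 1-7 chars
    return "lm_long"        # both halves populated: 8-14 chars, each half attacked separately


def parse_pwdump_line(line: str):
    """Split one pwdump line into (user, rid, lmhash, nthash)."""
    parts = line.rstrip("\n").split(":")
    if len(parts) < 4 or not parts[1].isdigit():
        raise ValueError(f"not a pwdump line: {line!r}")
    return parts[0], int(parts[1]), parts[2], parts[3]


def audit(dump: str) -> dict:
    """Map every user in a pwdump text to its classification."""
    result = {}
    for line in dump.splitlines():
        if not line.strip():
            continue
        user, _rid, lm, nt = parse_pwdump_line(line)
        result[user] = classify(lm, nt)
    return result


if __name__ == "__main__":
    print(lm_halves("password"))
    for user, tag in audit(SAMPLE_PWDUMP).items():
        print(f"{user:15s} {tag}")
```

The "lm_short" case is the one worth acting on first: a second half equal to the blank constant means the whole password is at most 7 uppercase characters and a single LM table recovers it immediately.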

Account cracking tools normally use one of three approaches: brute force or a dictionary attack, a rainbow table, or replacing the password hash in the SAM file.

The brute-force method tries every possibility. With the long and complex passwords in use these days, this method is not practical: an 8-character complex password (mixed case with numbers or symbols) has about 7.2 quadrillion (7.2 thousand million million) combinations and would take about 2 1/4 years to exhaust on a current dual-processor PC (see Password Recovery Speed below). A dictionary attack is the cheap variant: it tries only the words in a word list, so it finishes quickly but only finds passwords that are in the list.

The rainbow table method uses a time-memory trade-off: all of the hashing work is done in advance and the results are stored in files, the so-called "rainbow tables", so the attacker trades disk space and memory for cracking time. The more comprehensive the table, the larger it is. With the right table a complex password can be cracked in a few minutes rather than the months to years brute force would need. This only works because LM and NT hashes are unsalted, so a table computed once is valid against every Windows system. LM hashes are the ideal target: each half is at most 7 uppercase characters, so a single table covers every LM password of up to 14 characters from the table's character set.
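The time-memory trade-off in working form, as an added example for the brute-force and rainbow-table paragraphs above (this is not ophcrack's code, nor code from the original post). It uses a hypothetical toy hash (SHA-1 truncated to 8 bytes over a keyspace of 3 lowercase letters) in place of LM/NT so that the table builds in seconds; the chain, reduction-function and lookup structure is the real one, including the false alarms and merged chains that real tables also suffer from.

```python
import hashlib
from string import ascii_lowercase

# Toy parameters: a keyspace small enough to build a table in seconds.
ALPHABET = ascii_lowercase
PW_LEN = 3
KEYSPACE = len(ALPHABET) ** PW_LEN  # 17,576 candidate passwords


def H(pw: str) -> bytes:
    """Stand-in for an unsalted password hash such as LM or NT.
    Hypothetical: SHA-1 truncated to 8 bytes, chosen only to keep the demo fast."""
    return hashlib.sha1(pw.encode()).digest()[:8]


def index_to_pw(n: int) -> str:
    """Map an integer in [0, KEYSPACE) to a password string."""
    chars = []
    for _ in range(PW_LEN):
        n, r = divmod(n, len(ALPHABET))
        chars.append(ALPHABET[r])
    return "".join(chars)


def R(h: bytes, col: int) -> str:
    """Column-dependent reduction function: hash -> some password in the keyspace.
    Varying it per column is what makes this a rainbow table rather than a plain
    Hellman chain, and it limits silent chain merges."""
    return index_to_pw((int.from_bytes(h, "big") + col) % KEYSPACE)


def chain_password(start: str, col: int) -> str:
    """Password sitting at column `col` of the chain that begins with `start`."""
    pw = start
    for c in range(col):
        pw = R(H(pw), c)
    return pw


def build_table(num_chains: int, chain_len: int) -> dict:
    """Precomputation phase: walk chains of `chain_len` hash/reduce steps and keep
    only (endpoint -> start point).  Memory is num_chains entries, but the table
    covers up to num_chains * chain_len passwords."""
    table = {}
    for i in range(num_chains):
        start = index_to_pw((i * 7919) % KEYSPACE)  # 7919 is coprime with KEYSPACE
        end = chain_password(start, chain_len)
        table.setdefault(end, start)  # a merged chain is lost: the known weakness
    return table


def lookup(table: dict, target: bytes, chain_len: int):
    """Online phase: guess the column the target hash sits in, walk to the chain
    end, and on a hit regenerate that chain to recover the password."""
    for col in range(chain_len - 1, -1, -1):
        pw = R(target, col)
        for c in range(col + 1, chain_len):
            pw = R(H(pw), c)
        start = table.get(pw)
        if start is None:
            continue
        cand = start  # possible false alarm: verify by regenerating the chain
        for c in range(chain_len):
            if H(cand) == target:
                return cand
            cand = R(H(cand), c)
    return None


def brute_force(target: bytes):
    """What the table replaces: try every password until the hash matches."""
    for n in range(KEYSPACE):
        pw = index_to_pw(n)
        if H(pw) == target:
            return pw
    return None


def coverage(table: dict, chain_len: int) -> float:
    """Fraction of the keyspace the stored chains actually cover."""
    seen = set()
    for start in table.values():
        pw = start
        for c in range(chain_len):
            seen.add(pw)
            pw = R(H(pw), c)
    return len(seen) / KEYSPACE


if __name__ == "__main__":
    CHAIN_LEN = 40
    table = build_table(500, CHAIN_LEN)
    print(f"stored {len(table)} endpoints, covering "
          f"{coverage(table, CHAIN_LEN):.1%} of {KEYSPACE} passwords")
    secret = chain_password("aaa", 5)
    print("rainbow table:", lookup(table, H(secret), CHAIN_LEN))
    print("brute force:  ", brute_force(H(secret)))
```

Note the trade-off visible in the numbers: 500 stored endpoints stand in for up to 20,000 precomputed hashes, and a lookup costs on the order of chain_len squared hash operations instead of a scan of the whole keyspace. Coverage is below the ideal because chains merge and because the reduction function revisits passwords; real tables fix this by storing many tables with different reduction functions.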

OPHCRACK - The "famous" Windows password cracker based on rainbow tables. It comes with a LiveCD that can be booted on the target machine and automatically cracks the passwords from its SAM.


ophcrack screenshot

The other way is to replace the hash in the SAM file. This method needs to boot from another OS, locate the username and password hash in the SAM (on Windows 2000 and later the hashes are additionally encrypted with the SYSKEY held in the SYSTEM hive, which the tool has to handle), and overwrite the hash with the hash of a password of your choice, or simply blank it. Two caveats: this only covers local accounts in the SAM, not domain accounts, which are stored in Active Directory (ntds.dit) on the domain controller; and resetting a password this way, unlike cracking it, makes that account's EFS-encrypted files and other DPAPI-protected secrets unrecoverable, because the keys protecting them are derived from the old password.

Offline NT Password & Registry Editor - My recommended Windows password cracking tool, which "resets" the password rather than cracking it. This tool is bootable from a floppy or CD; the system must be booted from it to do the password "reset".


Offline NT Password Registry Editor

Related sites:
-Password Recovery Speed
http://www.lockdown.co.uk/?pg=combi

-Ophcrack
http://ophcrack.sourceforge.net/

-Offline NT Password & Registry Editor
http://home.eunet.no/~pnordahl/ntpasswd/
