deiol

pwdump issues

12 posts in this topic

I contemplated putting this in the Nubie HQ, but I feel this is more than just a "please show me how to crack a password, I want to be 1337!" question. I've used PWDUMP, LC4, LC5, and Cain before to crack passwords; this isn't new to me. For this, my roommate challenged me to crack his computer password. He knows nothing about computers, but he did something I've never seen before and I don't know what it is.

He thought I would use my 'Guest' account to try to get his password, but he left his account on while he went to the bathroom and I was able to run PWDUMP2 and e-mail the results to myself. I cracked all the accounts on the computer except his, using LC5. His LM Password hash comes up as:

aad3b435b51404eeaad3b435b51404ee

Those familiar with cracking Windows passwords know that this is a blank password. However, his password is not blank... anyone know what could cause this?

The full hash from PWDUMP2 is:

Matt:1003:aad3b435b51404eeaad3b435b51404ee:93f28a5a088f518f7987ba4f8a3ff978:::

Thanks for looking!

If the password is more than 14 characters or if he turned off LM hash storage, there would be no LM hash stored for the password; you would have to use the NT hash. Not sure if this is the case or not.

Edit: Found this old post on Google that seems to confirm my suspicions.

http://archives.neohapsis.com/archives/sf/...03-q1/0139.html

Edited by Irongeek

Probably the case. Your friend has probably geared up for your coming by an extra long password. Chances are it is an easily remembered phrase OR he has written it down somewhere. Check his wallet, under the keyboard, in desk drawers, etc. Or just use [insert XYZ sam file grabber] to get the sam file and crack it on your own time. He can't be there all the time, eh?

> Or just use [insert XYZ sam file grabber] to get the sam file and crack it on your own time.

Do you mean a program that grabs the actual SAM file? Or just the hash? Cause PWDUMP is what I have always used, grabs the hash, but as you can see it doesn't work in this case.

Yeah, try a live Linux CD like Auditor or Knoppix-STD. Or use a DOS boot disk with a sam grabber.

That sneak! I just checked the registry and found out that he turned off LM hashes:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa

Add Key: NoLMHash

He's working with someone...

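Added example, not part of the original thread: a Python check for auditing a pwdump-format export, reading the LM field the way the posts above do. The all-`aad3b435b51404ee` value means no LM hash is stored, which happens for a blank password, a password longer than 14 characters, or with NoLMHash set. The function names and every sample line except Matt's are constructed for illustration.

```python
EMPTY_LM_HALF = "aad3b435b51404ee"   # LM hash of an empty 7-character half
EMPTY_LM = EMPTY_LM_HALF * 2         # value pwdump shows when no LM hash is stored
EMPTY_NT = "31d6cfe0d16ae931b73c59d7e0c089c0"  # NT hash (MD4) of the empty password
HEX = set("0123456789abcdef")

# Matt's line is quoted from the thread; the others are constructed, and the
# non-empty hash fields in them are placeholder hex, not real hashes.
SAMPLE = [
    "Matt:1003:aad3b435b51404eeaad3b435b51404ee:93f28a5a088f518f7987ba4f8a3ff978:::",
    "Guest:501:" + EMPTY_LM + ":" + EMPTY_NT + ":::",
    "demo_short:1004:0123456789abcdef" + EMPTY_LM_HALF + ":" + "1" * 32 + ":::",
    "demo_long:1005:" + "0123456789abcdef" * 2 + ":" + "2" * 32 + ":::",
]

def parse_pwdump_line(line):
    """Parse 'user:rid:lmhash:nthash:::'; raise ValueError on anything else."""
    parts = line.strip().split(":")
    if len(parts) < 4 or not parts[1].isdigit():
        raise ValueError("not a pwdump line: %r" % line)
    lm, nt = parts[2].lower(), parts[3].lower()
    for h in (lm, nt):
        if len(h) != 32 or not set(h) <= HEX:
            raise ValueError("hash field is not 32 hex digits: %r" % h)
    return {"user": parts[0], "rid": int(parts[1]), "lm": lm, "nt": nt}

def classify(entry):
    """Say what the LM field reveals about how the account's password is stored."""
    if entry["lm"] == EMPTY_LM:
        # An empty LM field alone does not mean a blank password: check the NT hash.
        return "blank" if entry["nt"] == EMPTY_NT else "lm-absent"
    if entry["lm"][16:] == EMPTY_LM_HALF:
        return "lm-short"    # LM hash stored; second half empty, so 7 characters or fewer
    return "lm-present"      # LM hash stored for an 8 to 14 character password

def audit(lines):
    """Map each user name to its classification, skipping blank lines."""
    entries = (parse_pwdump_line(l) for l in lines if l.strip())
    return {e["user"]: classify(e) for e in entries}

if __name__ == "__main__":
    for user, verdict in audit(SAMPLE).items():
        print("%-12s %s" % (user, verdict))
```

Accounts reported as `lm-short` or `lm-present` are the ones an administrator would want to fix by disabling LM hash storage and having the password changed.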

Oh noes!

Maybe it's...Tsutomu!

EDIT: Maybe put VNC on his comp, or put a hardware keylogger. Or I can supply you with a fake Windows login app

Edited by GreyFox
> EDIT:Maybe put VNC on his comp, or put a hardware keylogger. Or I can supply you with a fake windows login app

Yeah, if you're dealing with a desktop computer, take GreyFox's suggestion and invest in a hardware keylogger. They work like a charm and he won't be expecting it. Only problem is you'll probably be out 70 bucks, but you never know when you'll need it again!

> Oh noes!
>
> Maybe its...Tsutomu!
>
> EDIT:Maybe put VNC on his comp, or put a hardware keylogger. Or I can supply you with a fake windows login app

Yeah, I have UltraVNC on the computer, so as soon as he walks away I can start working on his computer if I want, I don't have to get up and move. But if he's logged off, all I can do is look at the login screen.

As far as a hardware keylogger, yeah, I've been thinking of getting one just because it's a good thing to have, but I don't have the money right now for it, plus he might actually notice it's there since he goes behind his computer all the time to switch his speakers and headphones. The other option is a keylogger that installs inside the keyboard. Thanks diverter.

That fake windows login app sounds interesting, maybe I'll give it a try, how does it work? Is it compatible with the cute WinXP Welcome Screen? Thanks for your help.


It is just a .exe that when you run it you get this:

passyxp.jpg

And here is what it looks like:

passyxp1.jpg

and then it writes the username and password to 2 separate text files in the program's directory, and I have a version for Pro as well.

Edited by GreyFox

Nope sorry I just found it in the usual places

If you are interested in both or just one version, just PM me

By the way, I am at my first 2600 meeting and it is great!
