0x00 Cracking approach
The user's plaintext password is turned into a hash by a one-way hash function; that hash is then encrypted and stored in the SAM file on the system disk under \Windows\System32\config.
To recover the plaintext you get hold of the SAM file, extract the hash, and then either look the hash up online or brute-force it.
There are two ways to get a SAM file:
1) copy it directly from the running operating system;
2) boot from a USB stick with Linux (or WinPE) installed.
Once you have the SAM file, the user's hash is easy to extract; the cracking part comes next.
The hash can be submitted straight to an online hash-cracking site and left for the site to crack: simple and crude, but it costs money.
It can also be brute-forced on your own machine. Because the hash is irreversible, the "cracking" process really consists of hashing a large number of letter combinations and comparing each result with the stored ciphertext.
So it is not really cracking at all; fortunately computers have a lot of computing power. = =!
0x01 Cracking test
Environment >>
Target host: Win 7 Ultimate 64-bit
Tools: bkhive (generates the bootkey file needed to extract the hashes)
samdump2 (extracts the hashes)
John the Ripper (brute-forces the hash back to the plaintext)
All three tools ship with the Kali live USB.
Because Win8 and Win7 use the same hashing scheme and store the encrypted files in the same location, Win7 is used for the demonstration here.
1. Create the accounts to crack
In a Win7 cmd prompt, create two users to be cracked (the command for the first one is shown):
net user Frank 1t2e3n /add
2. Extract the SAM file
Set the machine to boot from USB, plug in the USB stick and enter Kali.
Open the file manager and click the Win7 system-disk icon; Kali then mounts the Win7 system disk (Win7os) under /media. Copy the SAM file and the SYSTEM file from /media/win7os/windows/system32/config/ to /tmp.
Note the case of the file names ~
cp /media/win7os/windows/system32/config/SAM /tmp/
cp /media/win7os/windows/system32/config/SYSTEM /tmp/
3. Extract the hashes
First generate the bootkey file from the SYSTEM file with bkhive.
Then use samdump2 to extract the hashes from the SAM file and the bootkey.
# run in the /tmp directory
bkhive SYSTEM bootkey
samdump2 SAM bootkey > hashes.txt
The hashes are written to /tmp/hashes.txt in the following format:
Most Windows versions now use NTLMv2, so the LM hash that comes out is generally useless (it is the hash of an empty password).
The NTLM string above is the hash we want.
0x04 Cracking the hash
If the original plaintext password is no more than 6 characters long, we can brute-force it with John the Ripper; very simple.
In my test on this machine, every password of up to 6 characters was cracked in under an hour.
# run in the /tmp directory
john --format=nt2 hashes.txt    # nt2 means crack using the NTLMv2 format
Then go and have some tea and let it run (actually I went for a nap; I'm just rambling ~)
And then it's done, look.
Frank's and Alice's passwords have come out ~
Roughly speaking, John's NTLMv2 cracking speed here is a bit over a million hashes per second.
So if it has been running for an hour with no result, I suggest online cracking; CMD5 is a good site.
There's a lot to dig through on it and it's hard on the eyes, but if you get a hit, you've won :)
If you have normal access to the machine, the hash can be extracted directly: PWDUMP7 is the tool for this, just run the .exe; the download address is at the end.
If you have the SYSTEM and SAM files, you can also extract the hash under Windows with SAMInside by importing the files.
If not, copy the files to the USB stick from cmd mode and take them away to extract and crack the hash.
Of course, everything in this article is about cracking the login password, not clearing (resetting) it.
Because what is the difference between clearing or resetting it and smashing the window and climbing in?
Tool downloads:
PWDUMP7 Baidu Netdisk http://pan.baidu.com/s/1D7jUu password: 91ud
SAMInside Baidu Netdisk http://pan.baidu.com/s/1kT9RcjX password: bb1s
"Computer skills": cracking the Win7/Win8 login password