Use rainbow table + ophcrack + pwdump to crack Windows password hashes

Source: Internet
Author: User

I have already discussed what a rainbow table is; if you do not know, read that article first. Next, we will walk through an example of cracking a Windows hash with a rainbow table. Before that, Windows hashes need a detailed explanation. There are two types: LM (LAN Manager) hash and NTLM (New Technology LAN Manager) hash:

1. LM Hash: the password is divided into n (n is 1-2) seven-byte segments, any missing part of a segment is filled with zeros, one byte is then added to each segment, and the result is stored encrypted with DES.

2. NTLM Hash: MD4 + RSA encrypted storage.

Among them, the 9x operating systems use LM; 2K, XP and 2K3 use both LM and NTLM to maintain compatibility; Vista, 2008 and Win7 use NTLM.

Now let's begin, starting with the idea: use pwdump6 to export the Windows hash file, then use ophcrack to crack it. Three tools are used in this article: pwdump6, XP free fast (the rainbow table), and ophcrack.

Step 1: export the Windows hash file
In this step, you need a user account with administrative permissions on the remote host, and the IPC$ and ADMIN$ shares must be enabled (they are by default), in order to use pwdump to obtain the Windows hashes. You may ask: what is the point of cracking if you already have an account with administrative permissions on the remote host? In fact, it makes a lot of sense. For example, if you obtained a shell on the remote host through an overflow or a web intrusion, then to get back into the host easily next time without the administrator noticing, you have to crack the password of an existing user. In addition, by cracking the passwords on this host and analysing the collected information as a whole, you can easily access other hosts in the network. Now, to work. Download the package and decompress it, switch to the pwdump directory, and run the following command:

Pwdump.exe -u username -p password -o win.hash host
# username is the user name with administrator permissions;
# password is the password;
# host is the name or IP address of the computer with IPC$ and ADMIN$ enabled;

After the command is executed, a Windows hash file is generated in the pwdump directory. OK. Step 1 is complete!
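Seen from the defender's side, the same export shows which accounts still have an LM hash stored and which of those have a password of seven characters or fewer. The following is an added example, not part of the original article; it assumes the pwdump line layout user:RID:LM-hash:NT-hash::: and the "NO PASSWORD" placeholder pwdump writes when no hash is stored, and all sample hash values are constructed.

```python
# Added example: audit a pwdump-format export for LM hash exposure.
# Assumed line format: user:RID:LM-hash:NT-hash:::
EMPTY_LM_HALF = "aad3b435b51404ee"   # LM result for an all-zero 7-byte segment
NO_HASH_MARK = "no password"         # pwdump placeholder when no hash is stored

# Constructed sample lines; the hash values are made up, not real hashes.
SAMPLE = """\
alice:1001:0123456789abcdef0fedcba987654321:00112233445566778899aabbccddeeff:::
bob:1002:89abcdef01234567aad3b435b51404ee:ffeeddccbbaa99887766554433221100:::
carol:1003:NO PASSWORD*********************:0f1e2d3c4b5a69788796a5b4c3d2e1f0:::
dave:1004:aad3b435b51404eeaad3b435b51404ee:a0b1c2d3e4f5061728394a5b6c7d8e9f:::
broken line without enough fields
"""

def classify_lm(lm_field):
    """Return an exposure label for the LM column of one account."""
    lm = lm_field.strip().lower()
    if lm.startswith(NO_HASH_MARK) or lm == EMPTY_LM_HALF * 2:
        return "no-lm"                 # nothing useful stored in the LM column
    if len(lm) != 32 or any(c not in "0123456789abcdef" for c in lm):
        return "malformed"
    if lm[16:] == EMPTY_LM_HALF:
        return "lm-short"              # second segment empty: password <= 7 chars
    return "lm-present"                # both 7-byte segments populated

def audit(text):
    """Parse pwdump-style text; return (findings, skipped_line_numbers)."""
    findings, skipped = {}, []
    for number, line in enumerate(text.splitlines(), start=1):
        if not line.strip():
            continue
        parts = line.strip().split(":")
        if len(parts) < 4 or not parts[1].isdigit():
            skipped.append(number)     # not a user:RID:LM:NT record
            continue
        findings[parts[0]] = classify_lm(parts[2])
    return findings, skipped

def needs_remediation(findings):
    """Accounts that still have an LM hash stored."""
    return sorted(u for u, s in findings.items() if s.startswith("lm-"))

if __name__ == "__main__":
    results, bad = audit(SAMPLE)
    for user, status in results.items():
        print(f"{user:8} {status}")
    print("remediate:", needs_remediation(results), "skipped lines:", bad)
```

Accounts reported as lm-short or lm-present still have an LM hash on disk; enabling the "Network security: Do not store LAN Manager hash value on next password change" policy and then changing those passwords removes it.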

Step 2: start cracking

Install the downloaded ophcrack and run it.

A. Install the rainbow table:

Click "Tables" to bring up the "Table Selection" interface and select the corresponding rainbow table there. We downloaded XP free fast (703 MB), so here we select "XP free fast", click "Install", select the path of the decompressed rainbow table (the path cannot contain Chinese characters), and click "OK". When the dot in front of the rainbow table name changes from red to green, the rainbow table has been installed correctly.

B. Load Windows Hash:

Click the "Load" button, select "pwdump file" from the drop-down menu, and select the "win.hash" file we just exported to load the Windows hashes.

C. Start cracking

After configuration, click the Crack button to start cracking. The following is the result of my attack. It took more than four minutes. It will take a while!

 
