Do you ever use a computer in a computer lab or borrow a friend or even use a computer in a public place? Well, usually klo in the Lab (based on personal experience) computer would be if you want to enter a password and should be asked first to the owner. Well, now we can see the password of the computer that we use without restarting the computer or even without installing any program like Cain, L0pthCrack, etc.. It only takes a little 'trust' to borrow a computer (fancy term social engineering) and two fruits of the program, namely pwdump6 and john the ripper. But klo happened to be common with the type of administrator login, that's hockey! cape2 not need a: friend lending login again:-D.
Previously you may never get a tutorial on how to know the user's password to hack an existing Windows XP or NT using pwdump. Yup, maybe this tutorial will be similar to the know-how to hack Windows XP, especially Windows XP SP2. Then what is the difference with the other tutorials? Currently Windows XP SP2 (or maybe SP1, CMIIW), used to protect Syskey to hash (to store encrypted passwords) can not be read and didump use or samdump pwdump. For more details, the following description of the Syskey [1]
Syskey is a Windows feature that adds an additional encryption layer to the password hashes stored in the SAM database. The main purpose of this feature is to deter ‘offline’ attack. In fact one of the most common ways to gather passwords is to copy the system SAM database and then use one of the many good password crackers to “recover” the passwords; of course physical access is almost always required. So with syskey the attacker needs to remove the additional encryption layer to get the password hashes.
If the first possible in Windows NT or XP (before SP2), we can still use pwdump or even directly with KaHT, then for Windows XP SP2 can not be used this way again (perhaps more accurately, pwdump can not be used again). Well this is the difference with the previous tutorial. If we use our previous pwdump old version, it is now used pwdump6 developed by fizzgig and the Team. If you read the README from this pwdump6, then pwdump6 are:
pwdump6 is a password hash dumper for Windows 2000 and later systems. It is capable of dumping LanMan and NTLM hashes as well as password hash histories. It is based on pwdump3e, and should be stable on XP SP2 and 2K3. If you have had LSASS crash on you using older tools, this should fix that.

A significantly modified version of pwdump3e, this program is able to extract NTLM and LanMan hashes from a Windows target, regardless of whether Syskey is turned on. It is also capable of displaying password histories if they are available. It outputs the data in L0phtcrack-compatible form, and can write to an output file.
so pwdumpd6 can run and get the hash files needed an account that has Administrator equivalent access. Now, therefore, we must run a little social engineering. Just say to our friend, klo access the workgroup, but can klo ga pake ordinary login. But calm, usually by default the people most mebuat user with administrator account type. Or use a variety of ways, resources, effort and persuasion so that we can be able to log in first.

If you already have access to the login type of administrators, the next way is to stay running pwdump6. If you have a flash, save it and take it wherever there continues pwdump6 go, who knows handy someday .. :-D. Ok, we run pwdump6 immediately wrote this. We recommend that you first copy to the hard disk pwdump6 (do not run from flashdik).
1. CMD Run (Run-> cmd)

2. Run pwdump6 as follows (eg PwDump6 located in the folder D: \ PwDump6)

D:\PwDump6>PwDump.exe -o pass.txt

pwdump6 Version 1.3.0 by fizzgig and the mighty group at
Copyright 2006

This program is free software under the GNU
General Public License Version 2 (GNU GPL), you can redistribute it and/or
modify it under the terms of the GNU GPL, as published by the Free Software
PROGRAM. Please see the COPYING file included with this program
and the GNU GPL for further details.

Using pipe {C411BDE9-594E-47F4-99B5-E94ADF194A45}
Key length is 16
3. After that we will get pass.txt file containing a list of user and password are still encrypted. An example would look like the following:
Guest:501:NO PASSWORD********************* :NO PASSWORD*********************:::
HelpAssistant:1000:B3D2AE56C93F27B43C4F8419B1A21E9B: DC3DBB258A10B0C7EA9D92133267B905:::
SUPPORT_388945a0:1002:NO PASSWORD*********************: DF1DB672DA1B5C045ECA2490CA753D3B:::
4. OK! password already in hands. The next task is pulled pass.txt crack file with the help of John The Ripper. We recommend that you first save the file to a USB pass.txt or upload them to a safe place, because this cracking process can be done anytime and anywhere. Based on experience, if not too difficult to guess password such as "adminkeren", "qwerty123", which does not usually take too long to mengecracknya by John The Ripper. But if the password using a combination of strange things like "P4ssW0rD", "S03S4h", etc., usually take longer, be left to sleep or maen aja first. Ok, now how ngecraknya gini nih.

Download John The Ripper for Windows. For computers that use AMD processor, we recommend using a "john-mmx.exe". Or for that use Intel or AMD, can use the "John-386.exe". Previously pass.txt copy files into the folder where the "John-mmx.exe" or "John-386.exe" is (John171w \ john1701 \ run). After that, run the following command to stay and wait patiently for:
D:\john171w\john1701\run>john-mmx.exe pass.txt
Loaded 8 password hashes with no different salts (NT LM DES [64/64 BS MMX])
REN123 (Administrator:2)
TEBAK (Try:2)
ADMINKE (Administrator:1)
OK! password is now invisible visible. So the password for user "Administrator" is "adminkeren123", derived from combining Administrators: 2 and Administrators: 2

Administrator:1+Administrator:2 = adminkeren123
while for the user "try" is "predictable"!

Easy is not it? The point still live capture file hash (password encrypted) using pwdump6 then crack the result with John The Ripper.

Now, if we want to use computers in the Lab friends, his people do not have to search again. Stay pake aja Admin user directly again, but do not get caught with him ... .. :-D Or if you forget the administrator password, do not need to reboot the computer, then reset your password. Staying involved STEP 2 above ONLY!

What's on Your Mind...

My Blog List


guest book

ShoutMix chat widget