Archived

This topic is now archived and is closed to further replies.

H@L0_F00

Ophcrack Vista Free Tables, Useless?

14 posts in this topic

With more and more people using Vista and Win7, I decided it was time to get my NT hash cracking on. So, I installed Windows 7 in a VM, set up some lame test accounts:

Username:Password

Test:seven

lame:lame

lamepass:lamepass

yourmom:yourmom

18j4:18j4

I then ran it through Ophcrack. What came up? Nothing but "lame" and "l8j4" and they were only found because Ophcrack bruteforces from 1-4 characters. I was quite surprised that the other passwords couldn't be found... I know Ophcrack exploits the weak LM hash used in XP and preceding, while the Vista Free tables are based on a dictionary and mutations, but I still figured that it would find all of those lame passwords... Yet, it didn't.

I was just wondering, if any of you have cracked some NT hashes, be it from Vista or Windows 7, did you use Ophcrack? What was the password? What tables did you use? And, how long did it take?

If you use something other than Ophcrack (JTR, Cain, etc.), what do you use? What tables do you use and how large are they? On average, how long does it take you to crack an NT hash?


Rainbow tables are a waste of time and space when it comes to getting into a Windows box, unless you're trying to access encrypted files. If you have access to the machine, it's yours in less than 5 minutes.


I cracked school LM hashes using Ophcrack. Haven't gotten anything with NTLM.

> With more and more people using Vista and Win7, I decided it was time to get my NT hash cracking on. So, I installed Windows 7 in a VM, set up some lame test accounts:
>
> Username:Password
>
> Test:seven
>
> lame:lame
>
> lamepass:lamepass
>
> yourmom:yourmom
>
> 18j4:18j4
>
> I then ran it through Ophcrack. What came up? Nothing but "lame" and "l8j4" and they were only found because Ophcrack bruteforces from 1-4 characters. I was quite surprised that the other passwords couldn't be found... I know Ophcrack exploits the weak LM hash used in XP and preceding, while the Vista Free tables are based on a dictionary and mutations, but I still figured that it would find all of those lame passwords... Yet, it didn't.
>
> I was just wondering, if any of you have cracked some NT hashes, be it from Vista or Windows 7, did you use Ophcrack? What was the password? What tables did you use? And, how long did it take?
>
> If you use something other than Ophcrack (JTR, Cain, etc.), what do you use? What tables do you use and how large are they? On average, how long does it take you to crack an NT hash?

I haven't had any luck with the Vista one, either.

> Rainbow tables are a waste of time and space when it comes to getting into a Windows box, unless you're trying to access encrypted files. If you have access to the machine, it's yours in less than 5 minutes.

So how would one go about this? Keep in mind that in my case these are customer machines. All too often during the intake process the non-technical office manager forgets to ask for the password. We try calling the customer first, but sometimes you get one that doesn't call back for days (vacation, whatever). It would be nice if I could get the PW as easily as removing it.


I agree, getting into a Windows box is easy, but you can't always remove/reset the password or use Kon-Boot, and sometimes you'd just like to know the password. When trying to access a machine more passively, you cannot remove the password or change it.


No-one really said why they were cracking Windows boxes, I was just thinking about removing the password, which is easy as pie. Gotta do what you gotta do, right? Besides, if you back up the SAM, you can set the password to nothing, do what you need to do, then put the old SAM back and the original password will be reinstated.


Wow... I'm kind of disappointed in myself for not realizing such a thing was possible... I mean, that's what I do with DeepFreeze... Anyways, thanks for that Moonlit.

I'm still interested in hearing a bit about what everybody else uses for cracking passes though, as I think I'm going to try to learn more about such things.


I have used Ophcrack, not too much with Vista, but with the 120GB of full data Hak5 rainbow tables on torrent I should be able to crack any of them, right? Will LM also crack MD5 and SHA1 as well? Does Hak5 offer rainbow tables for MD5 and SHA-1? I did not know Ophcrack only bruted up to 4 chars; that is good to know. Do LM tables even work with Vista and 7?

> No-one really said why they were cracking Windows boxes, I was just thinking about removing the password, which is easy as pie. Gotta do what you gotta do, right? Besides, if you back up the SAM, you can set the password to nothing, do what you need to do, then put the old SAM back and the original password will be reinstated.

*blink blink* Oooohhhhh! Put it back! What a novel idea...

Never thought of that. In my case I didn't need to, though. Just let 'em know we removed it to do our work.

Every once in a while I get the "you can do that?!"


I have heard of and know what SAM files are but never really knew its location on the drive, so I googled it and here is what I got, just in case some other people don't know where it is.

c:\windows\system32\config\sam (windows dir may vary)

c:\windows\repair\sam (possible backups in subfolders)

I am guessing for Windows 7 and Ultimate it is different. Does anyone know?

And is the file name just SAM, with no extension?


Yep, no extension, just 'SAM'. For those who don't know, the SAM is encrypted with a key, which is stored in 'SYSTEM'.


C:\Windows\System32\config is where the SAM and SYSTEM files can be found on Windows 7 so I'm pretty sure it's the same for Vista.


Same for Vista and XP. 2K I think it's C:\Winnt\System32\Config


I've had issues with Ophcrack as well, simple seven alphanumerical characters. I don't know why but Ophcrack has become not so useful.
