how do you retrieve password hashes?


7 replies to this topic

#1 teknicalissue

Posted 10 May 2008 - 09:49 AM

Well, this is a question just to satisfy my curiosity. I know there are programs like pwdump and things like that, but all I want to know is how they work: where are these hashes located, and how do those types of software retrieve them?

#2 Sparda

Posted 10 May 2008 - 01:57 PM

Hashing is one-way. If the hash function is any good (Lanman is completely not) the passwords should be lost. Only methods such as rainbow tables or brute forcing are any good.

#3 GonZor

Posted 11 May 2008 - 06:49 AM

I think he was actually referring to how pwdump/fgdump extract the hash from the machine, not how to crack the password.
GonZor's SwitchBlade
----------
Remember not to forget that which you did not need to know...

#4 teknicalissue

Posted 11 May 2008 - 11:23 AM

Yep, that's what I meant.

#5 bluntm

Posted 13 May 2008 - 08:59 AM

Yeah, I have always wanted to know how to get the hash from the computer. There is a lot on how to crack the hash.
00011 01000 10010 01001 10011 10100 11001 01101 00001 10101 00111 01000 01101 01001 01110

#6 sbtUK

Posted 29 May 2008 - 03:16 PM

I'm afraid I don't have the knowledge to furnish you with details about how the programs actually get the hashes from the file: I can tell you that the passwords / users file on a default WinXP install is: C:\WINDOWS\system32\config\sam

The SAM file is just a text file as far as I know, although Windows won't let you open it while Windows is running.
If you boot from a Linux live CD or similar with NTFS support you could open it up and have a look at it.
Or you could make a copy of the file with the Windows recovery console (there's an option for it when you boot from a WinXP CD).

Of course, you could use one of the programs you mentioned too :-P
Eat a third of a Mars bar a day.

#7 snakey

Posted 30 May 2008 - 06:35 AM

Um, Irongeek did a bit on this; he used hashtabs. This created heaps of different hashes and you can choose which ones to show and which ones not to show.

#8 eman7613

Posted 12 June 2008 - 01:19 AM

I don't know if responding to older threads is a horrible sin and abomination against the trolls here, but I shall respond since I'm new, bored, and waiting to rip 18 CDs.

First: the program has to know where the target hash is located (i.e., the SAM file in Windows, as previously mentioned).
Second: you must know what hash method is used to generate said hash file. This can be accomplished with a good (i.e., set the password to "bobyboy" and generate a hash from "bobyboy" using several different algorithms) hour or so of guesswork, or reduced to possibly fruitless reverse engineering if hashes are salted.
Third: generate and check hashes against the target until you get a match (and technically, it's possible to get two!).
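
Added example (editor's illustration, not part of any post in this thread): the known-password comparison from the second step above, run against an unsalted store and against a salted one, to show why salting defeats it. The candidate algorithm list, the PBKDF2 parameters and the sample hash are assumptions constructed for the example; they are generic `hashlib` digests, not the format of the Windows SAM.

```python
import hashlib
import hmac
import os

# Candidate unsalted digests to test; illustrative, not the Windows SAM formats.
CANDIDATES = ("md5", "sha1", "sha256", "sha512")
ITERATIONS = 100_000  # assumed work factor for the salted comparison


def identify_algorithm(known_password, stored_hex):
    """Return every candidate whose plain digest of known_password equals stored_hex."""
    data = known_password.encode("utf-8")
    target = stored_hex.strip().lower()
    return [name for name in CANDIDATES
            if hmac.compare_digest(hashlib.new(name, data).hexdigest(), target)]


def salted_record(password, salt=None):
    """Store a password as (random salt, PBKDF2-HMAC-SHA256 digest)."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return salt, digest.hex()


def verify_salted(password, salt, stored_hex):
    """Recompute with the stored salt; the only way to check a salted record."""
    return hmac.compare_digest(salted_record(password, salt)[1], stored_hex)


# Constructed sample: an unsalted store that (unknown to the auditor) uses SHA-1.
UNSALTED_SAMPLE = hashlib.sha1(b"bobyboy").hexdigest()

if __name__ == "__main__":
    print("unsalted store matches:", identify_algorithm("bobyboy", UNSALTED_SAMPLE))
    salt_a, rec_a = salted_record("bobyboy")
    salt_b, rec_b = salted_record("bobyboy")
    print("same password, same record?", rec_a == rec_b)
    print("salted record matches:", identify_algorithm("bobyboy", rec_a))
    print("verifies with its salt:", verify_salted("bobyboy", salt_a, rec_a))
```

With an unsalted store, one known password is enough to name the algorithm and every account sharing that password has the same hash; with a per-record salt, neither holds.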



