
how do you retrieve password hashes?


This topic has been archived. This means that you cannot reply to this topic.
7 replies to this topic

#1 teknicalissue

teknicalissue
  • Members
  • Hak5 Fan

  • 31 posts

Posted 10 May 2008 - 09:49 AM

Well, this is a question to just simply satisfy my curiosity. I know there are programs like pwdump and things like that, but all I want to know is how they work: where are these hashes located, and how do those types of software retrieve them?

#2 Sparda

Sparda
  • Active Members
  • Hak5 Junkie

  • 7,849 posts

Posted 10 May 2008 - 01:57 PM

Hashing is one way. If the hash function is any good (Lanman is completely not) the passwords should be lost. Only methods such as rainbow tables or brute forcing are any good.

#3 GonZor

GonZor
  • Members
  • Hak5 Pirate

  • 352 posts

Posted 11 May 2008 - 06:49 AM

I think he was actually referring to how pwdump/fgdump extract the hash from the machine, not how to crack the password.
GonZor's SwitchBlade
----------
Remember not to forget that which you did not need to know...

#4 teknicalissue

teknicalissue
  • Members
  • Hak5 Fan

  • 31 posts

Posted 11 May 2008 - 11:23 AM

Yep, that's what I meant.

#5 bluntm

bluntm
  • Active Members
  • Hackling

  • 15 posts

Posted 13 May 2008 - 08:59 AM

Yeah, I have always wanted to know how to get the hash from the computer; there is a lot on how to crack the hash.
00011 01000 10010 01001 10011 10100 11001 01101 00001 10101 00111 01000 01101 01001 01110

#6 sbtUK

sbtUK
  • Members
  • Newbie

  • 3 posts

Posted 29 May 2008 - 03:16 PM

I'm afraid I don't have the knowledge to furnish you with details about how the programs actually get the hashes from the file. I can tell you that the passwords / users file on a default WinXP install is: C:\WINDOWS\system32\config\sam

The SAM file is just a text file as far as I know, although Windows won't let you open it while Windows is running.
If you boot from a Linux live CD or similar with NTFS support you could open it up and have a look at it.
Or you could make a copy of the file with the Windows recovery console (there's an option for it when you boot from a WinXP CD).

Of course, you could use one of the programs you mentioned too :-P
Eat a third of a Mars bar a day.

#7 snakey

snakey
  • Banned
  • Hak5 Ninja

  • 618 posts

Posted 30 May 2008 - 06:35 AM

Um, Irongeek did a bit on this; he used hashtabs. This created heaps of different hashes and you can choose which ones to show and which ones not to show.

#8 eman7613

eman7613
  • Members
  • Hak5 Fan

  • 24 posts

Posted 12 June 2008 - 01:19 AM

I don't know if responding to older threads is a horrible sin and abomination against the trolls here, but I shall respond since I'm new, bored, and waiting to rip 18 CDs.

First: the program has to know where the target hash is located (i.e. the SAM file in Windows, as previously mentioned).
Second: you must know what hash method is used to generate said hash file. This can be accomplished with a good hour or so of guesswork (i.e. set the password to "bobyboy" and generate a hash from "bobyboy" using several different algorithms), or reduced to possibly fruitless reverse engineering if hashes are salted.
Third: generate and check hashes against the target until you get a match (and technically, it's possible to get two!).
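
An added example, not part of eman7613's post or anyone else's in the thread: the known-password check from the second step, run against a constructed unsalted value and against a salted PBKDF2 record, showing why salting defeats it. The candidate algorithm and encoding lists, the function names and the sample data are assumptions made for illustration.

```python
import hashlib
import os

# Plain, unsalted digests to try; names are hashlib algorithm names.
CANDIDATE_ALGORITHMS = ("md5", "sha1", "sha256", "sha512")
# Password encodings to try (assumption: the system uses one of these).
CANDIDATE_ENCODINGS = ("utf-8", "utf-16-le")


def identify_unsalted(known_password, stored_hex):
    """Return the (algorithm, encoding) pairs whose plain digest of the
    known password equals the stored hex value."""
    stored = stored_hex.strip().lower()
    matches = []
    for algorithm in CANDIDATE_ALGORITHMS:
        for encoding in CANDIDATE_ENCODINGS:
            data = known_password.encode(encoding)
            if hashlib.new(algorithm, data).hexdigest() == stored:
                matches.append((algorithm, encoding))
    return matches


def salted_record(password, iterations=100_000):
    """Build a salted record: random per-user salt plus a slow
    key-derivation function (PBKDF2-HMAC-SHA256 here)."""
    salt = os.urandom(16)
    derived = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, iterations
    )
    return salt.hex(), derived.hex()


# Constructed sample data: a test account whose password we set ourselves.
KNOWN_PASSWORD = "bobyboy"
UNSALTED_SAMPLE = hashlib.sha1(KNOWN_PASSWORD.encode("utf-8")).hexdigest()

if __name__ == "__main__":
    print("unsalted:", identify_unsalted(KNOWN_PASSWORD, UNSALTED_SAMPLE))
    salt_hex, stored_hex = salted_record(KNOWN_PASSWORD)
    # No plain digest matches: salt and iteration count are inputs too.
    print("salted:  ", identify_unsalted(KNOWN_PASSWORD, stored_hex))
```

With the salted record the comparison finds nothing, and two records for the same password differ, so the stored value alone no longer reveals the scheme.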