Ophcrack Vista Free Tables, Useless?


H@L0_F00

With more and more people using Vista and Win7, I decided it was time to get my NT hash cracking on. So, I installed Windows 7 in a VM, set up some lame test accounts:

Username:Password

Test:seven

lame:lame

lamepass:lamepass

yourmom:yourmom

18j4:18j4

I then ran it through Ophcrack. What came up? Nothing but "lame" and "l8j4" and they were only found because Ophcrack bruteforces from 1-4 characters. I was quite surprised that the other passwords couldn't be found... I know Ophcrack exploits the weak LM hash used in XP and preceding, while the Vista Free tables are based on a dictionary and mutations, but I still figured that it would find all of those lame passwords... Yet, it didn't.

I was just wondering, if any of you have cracked some NT hashes, be it from Vista or Windows 7, did you use Ophcrack? What was the password? What tables did you use? And, how long did it take?

If you use something other than Ophcrack (JTR, Cain, etc.), what do you use? What tables do you use and how large are they? On average, how long does it take you to crack an NT hash?

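An added example, not part of the original post: a defender's password check that flags the three weaknesses the post above touches on (length within the 1-4 character brute-force range, password equal to the username, and dictionary words with common mutations), run over the post's own test accounts. The wordlist and mutation rules are constructed for the demo and are not a model of what the Ophcrack Vista Free tables actually cover.

```python
import re

# Constructed mini wordlist for the demo; a real audit would load a large one.
WORDLIST = {"seven", "password", "lame", "pass", "your", "mom", "welcome"}

# Common character substitutions, undone before the dictionary lookup (assumed rule set).
LEET = str.maketrans("01345@$7", "oieasast")

BRUTE_FORCE_MAX = 4  # the post reports 1-4 character passwords fall to brute force


def normalize(password):
    """Lowercase, strip leading/trailing non-letters, then undo leet substitutions."""
    stripped = re.sub(r"^[^a-z]+|[^a-z]+$", "", password.lower())
    return stripped.translate(LEET)


def splits_into_words(s, words):
    """True if s is a concatenation of one or more dictionary words."""
    reachable = [True] + [False] * len(s)
    for end in range(1, len(s) + 1):
        reachable[end] = any(
            reachable[start] and s[start:end] in words for start in range(end)
        )
    return bool(s) and reachable[len(s)]


def audit(username, password):
    """Return the list of weaknesses found for a candidate password."""
    findings = []
    if len(password) <= BRUTE_FORCE_MAX:
        findings.append("short")
    if password.lower() == username.lower():
        findings.append("equals-username")
    if splits_into_words(normalize(password), WORDLIST):
        findings.append("dictionary")
    return findings


# Test accounts taken from the post above.
ACCOUNTS = [("Test", "seven"), ("lame", "lame"), ("lamepass", "lamepass"),
            ("yourmom", "yourmom"), ("18j4", "18j4")]

if __name__ == "__main__":
    for user, pw in ACCOUNTS:
        print(f"{user}: {audit(user, pw) or 'no findings'}")
```

Every one of the post's test accounts is flagged on at least one count, which is the kind of result a password filter should reject at set time.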

I haven't had any luck with the Vista one, either.

Rainbow tables are a waste of time and space when it comes to getting into a Windows box, unless you're trying to access encrypted files. If you have access to the machine, it's yours in less than 5 minutes.

So how would one go about this? Keep in mind that in my case these are customer machines. All too often during the intake process the non-technical office manager forgets to ask for the password. We try calling the customer first, but sometimes you get one that doesn't call back for days (vacation, whatever). It would be nice if I could get the PW as easily as removing it.


I agree, getting into a Windows box is easy, but you can't always remove/reset the password or use Kon-Boot, and sometimes you'd just like to know the password. When trying to access a machine more passively, you cannot remove the password or change it.


No-one really said why they were cracking Windows boxes, I was just thinking about removing the password, which is easy as pie. Gotta do what you gotta do, right? Besides, if you back up the SAM, you can set the password to nothing, do what you need to do, then put the old SAM back and the original password will be reinstated.


Wow... I'm kind of disappointed in myself for not realizing such a thing was possible... I mean, that's what I do with DeepFreeze... Anyways, thanks for that Moonlit.

I'm still interested in hearing a bit about what everybody else uses for cracking passes though, as I think I'm going to try to learn more about such things.


I have used Ophcrack, not too much with Vista, but with the 120GB of full data Hak5 rainbow tables on torrent I should be able to crack any of them, right? Will LM also crack MD5 and SHA1 as well? Does Hak5 offer rainbow tables for MD5 and SHA-1? I did not know Ophcrack only bruted up to 4 chars, that is good to know. Do LM tables even work with Vista and 7?


*blink blink* Oooohhhhh! Put it back! What a novel idea...

Never thought of that. In my case I didn't need to, though. Just let 'em know we removed it to do our work.

Every once in a while I get the "you can do that?!"


I have heard of and know what SAM files are but never really knew their location on the drive, so I googled it and here is what I got, just in case some other people don't know where it is..

c:\windows\system32\config\sam (windows dir may vary)

c:\windows\repair\sam (possible backups in subfolders)

I am guessing for Windows 7 and Ultimate it is different.. does anyone know?

And is the file name just SAM, with no extension?
