How To Brute Force Into A Windows Computer With A USB



Is there a way to brute force into a Windows computer with a USB without having to boot off it?

A bit tricky though, but it's possible. It could carry a hash dump utility, which extracts the Windows password hash, and then saves it to a file.

The only problem is that any antivirus software will potentially detect it as a trojan, which could impede it from running and potentially retrieving the hash.

You will need to find a way to detect what antivirus the system is running, so it can be disabled beforehand, or you will have to think of other means to bypass any local security.

I know it does not sound like brute forcing, but it's a way to break into the system.

Edited by Infiltrator

On a serious note, last I knew you could run scripts with FireWire because it has direct memory access, I think. Not sure if it's still valid.

The best bet would be to boot the machine via USB version of BackTrack4 and extract the hashes. Take hashes home and crack them on your own time instead of looking suspicious as hell in front of someone else's computer. I think that meets the requirements of Brute forcing and USB :D

Edited by Mr-Protocol

You do not want to 'brute force' into computers, it is one of the least effective ways to go about it and really you'll just be wasting your time.

Sure, it has a cool name, but if you have physical access there are far more effective methods than brute force (see above).

Edited by sablefoxx

  • 4 weeks later...
oph crack ?

The only problem with OPHcrack is that it has limitations on how many characters it can crack. So if your password is over 15 characters it will be useless.

Unless you have a lot of processing computer power, you could run a distributed password recovery utility like Elcomsoft Password recovery software.

Or you could just use Offline NT Password to reset the password, which will be a lot simpler.


The only problem with OPHcrack is that it has limitations on how many characters it can crack. So if your password is over 15 characters it will be useless.

Not entirely true.

The Ophcrack XP tables can't crack anything more than 14 characters, but this is only because of the way Windows XP implements its password hashing procedure.

Say your password is "password1234"

What happens (as far as I know) is:

"password1234" is split and becomes "passwor" and "d1234"

"passwor" is hashed and stored/compared and "d1234" is separately hashed and stored/compared

Notice how "passwor" is 7 digits. That is how LM hashed passwords are stored in XP.

So, if you had a password of 15+, the password cannot be split into 7-chars and 7-chars and is consequently not hashed using LM, but is instead hashed using NTLM.

Therefore, it is still possible to crack, you just need the right rainbow tables, but 15+ digits... in rainbow tables... is a whole hell of a lot of space.

I just wanted to clear that up a little and kind of explain what was actually going on.

Edited by H@L0_F00
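
The LM split described in the post above, as an added example that is not part of any post in this thread: it shows the two 7-byte blocks LM hashes independently and flags records that still carry an LM hash. It assumes ASCII passwords and omits the DES step; the uppercasing and null padding are LM behaviour the thread does not mention, and the function names and sample records are constructed for illustration.

```python
import string

# Added illustration: how LM preprocessing shrinks the search space.
# Assumes ASCII passwords; the DES step that turns each half into 8 hash bytes is omitted.

EMPTY_LM_HALF = "aad3b435b51404ee"   # LM output for an all-zero 7-byte half
LM_CHARSET = 95 - 26                  # printable ASCII with lowercase folded to uppercase
NT_CHARSET = 95                       # printable ASCII, case preserved


def lm_halves(password):
    """Return the two 7-byte blocks LM hashes independently, or None if LM does not apply."""
    if len(password) > 14:
        return None                   # 15+ characters: no usable LM hash, only the NT hash
    padded = password.upper().encode("ascii").ljust(14, b"\x00")
    return padded[:7], padded[7:]


def worst_case_guesses(length):
    """Exhaustive-search size at a known length: LM (two halves) versus the NT hash."""
    first, second = min(length, 7), max(length - 7, 0)
    lm = LM_CHARSET ** first + (LM_CHARSET ** second if second else 0)
    return lm, NT_CHARSET ** length


def audit_pwdump_line(line):
    """Classify one 'user:rid:lmhash:nthash:::' record by whether an LM hash is stored."""
    user, _rid, lm, _nt = line.strip().split(":")[:4]
    lm = lm.lower()
    is_hex = len(lm) == 32 and set(lm) <= set(string.hexdigits)
    if not is_hex or lm == EMPTY_LM_HALF * 2:
        return user, "no LM hash stored"
    return user, "LM hash stored: disable LM storage and rotate this password"


# Constructed sample records (hash values are made up, not real hashes).
SAMPLE = [
    "alice:1001:" + EMPTY_LM_HALF * 2 + ":" + "11" * 16 + ":::",
    "bob:1002:" + "0f" * 16 + ":" + "22" * 16 + ":::",
]

if __name__ == "__main__":
    print(lm_halves("password1234"))
    print(worst_case_guesses(12))
    for record in SAMPLE:
        print(audit_pwdump_line(record))
```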

It is possible to crack passwords over 15 characters long if you are using NTLM, but most of the rainbow tables available today are not up to cracking 15 characters. The rainbow table itself will have to be massive, which would require a lot of computer processing power to generate it, as well as a dedicated data storage center that can hold petabytes of storage space.

Maybe one day, but yes, you are right on the LM hashes: it can only crack 7 characters due to its design.


Well, there are a few different programs for brute force. Is there a particular reason you want to use brute force, or are you just looking to gain access to it? As most people have said before, brute force is highly ineffective and time consuming for passwords above 3 characters, but even 3 is pushing it if there is a lock-out after 3 or 5 passwords.

More information is always better.


Guest Deleted_Account

Surprised no one mentioned KonBoot: no brute force/rainbow tables needed! As for Ophcrack, throwing a space in USED to prevent cracking, but now at least the Vista tables have space included. I still use a space in there though, as the tables that include it are the 10 GB ones, I believe ;p


I agree Ophcrack is the most elegant, especially used with the proper rainbow table. I have a rainbow table that can crack a 20 character password. It requires an 8gig flash drive though. It can use the following characters:

{space} 0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ !"#$%&'()*+,-./:;<=>?@[\]^_`{|}~


  • 4 weeks later...
I thought Ophcrack could only do up to 14? Is there a new version or did you change some setting in yours to allow 20?

Ophcrack can crack a lot more than just 14 characters if you are using NTLM.

But the only problem is the rainbow tables themselves. They need to be very large in size to be able to crack passwords of great length.

You can also generate your own rainbow table with RTgen.exe, but be advised that it will require a lot of CPU power, and storage as well.

Best to use ntpassword offline if you want to reset the password or change it.

Edited by Infiltrator

  • 1 month later...

Just reset the admin account ffs ... use Hiren's Boot CD ... no real need to brute force.

If you're recovering the password for someone, then reset their account via the admin.

If not, just use the admin account to view the other users' files ;)

Edited by Trip