This topic is now archived and is closed to further replies.

danielbrthwt

How To Brute Force In To A Windows Computer With A Usb


Is there a way to brute force into a Windows computer with a USB without having to boot off it?


A bit tricky though, but it's possible. It could carry a hash dump utility, which extracts the Windows password hash, and then saves it to a file.

The only problem is that any antivirus software will potentially detect it as a trojan, which could impede it from running and potentially retrieving the hash.

You will need to find a way to detect what antivirus the system is running, so it can be disabled beforehand, or you will have to think of other means to bypass any local security.

I know it does not sound like brute forcing but it's a way to break into the system.


On a more serious note: It could possibly be done with the USB Rubber Ducky.


The trouble with any type of brute forcing of this manner is that after every 3 or so password attempts you have to wait 30 seconds before the next few attempts.


On a serious note. Last I knew, you could run scripts with FireWire because it has direct memory access, I think. Not sure if it's still valid.

The best bet would be to boot the machine via USB version of BackTrack4 and extract the hashes. Take hashes home and crack them on your own time instead of looking suspicious as hell in front of someone else's computer. I think that meets the requirements of Brute forcing and USB :D


NIIIICCCCEEEE. Might be a little hard to fit in your pocket but I'm sure that Darren can find a place for it next to his droid on his bike!

usbcrowbar.jpg

Take the hard disk.


Use the USB version of Ophcrack; if the system has decent memory you can get the hashes for all passwords within a few min. Or, as previously mentioned, USB BT4 to do the same thing.


You do not want to 'brute force' into computers, it is one of the least effective ways to go about it and really you'll just be wasting your time.

Sure it has a cool name but if you have physical access there are far more effective methods than brute force (see above).


oph crack ?


like the rest say...oph crack + usb = in


The only problem with OPHcrack is that it has limitations on how many characters it can crack. So if your password is over 15 characters it will be useless.

Unless you have a lot of processing computer power, you could run a distributed password recovery utility like Elcomsoft Password recovery software.

Or you could just use offline nt password to reset the password, which will be a lot simpler.


Not entirely true.

The Ophcrack XP tables can't crack anything more than 14 characters, but this is only because of the way Windows XP implements its password hashing procedure.

Say your password is "password1234"

What happens (as far as I know) is:

"password1234" is split and becomes "passwor" and "d1234"

"passwor" is hashed and stored/compared and "d1234" is separately hashed and stored/compared

Notice how "passwor" is 7 digits. That is how LM hashed passwords are stored in XP.

So, if you had a password of 15+, the password cannot be split into 7-chars and 7-chars and is consequently not hashed using LM, but is instead hashed using NTLM.

Therefore, it is still possible to crack, you just need the right rainbow tables, but 15+ digits... in rainbow tables... is a whole hell of a lot of space.

I just wanted to clear that up a little and kind of explain what was actually going on.

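The LM splitting discussed in the post above, as an added example that is not part of any poster's message: it models only the LM pre-processing (uppercase, null-pad to 14 bytes, split into two 7-byte halves) and compares worst-case guess counts, without computing any hash. It assumes ASCII passwords and a system that still stores LM hashes, as in the XP case discussed; the function names are hypothetical.

```python
LM_MAX_LEN = 14      # longer passwords get no usable LM hash
HALF_LEN = 7         # LM hashes each 7-byte half on its own
PRINTABLE = 95       # printable ASCII, space included
LM_SYMBOLS = PRINTABLE - 26   # LM uppercases, so a-z collapse into A-Z


def lm_halves(password):
    """Return the two 7-byte blocks LM would hash separately,
    or None when the password is too long for LM (15+ characters).
    Assumption: ASCII-only input; real LM uses the OEM code page."""
    if len(password) > LM_MAX_LEN:
        return None
    padded = password.upper().encode("ascii").ljust(LM_MAX_LEN, b"\x00")
    return padded[:HALF_LEN], padded[HALF_LEN:]


def candidates(symbols, max_len):
    """Number of strings of length 1..max_len over `symbols` characters."""
    return sum(symbols ** n for n in range(1, max_len + 1))


def exposure(password):
    """Summarise what an offline guesser faces for this password."""
    halves = lm_halves(password)
    if halves is None:
        # Only the NT hash exists: whole password, case preserved.
        return {"lm_stored": False,
                "worst_case_guesses": candidates(PRINTABLE, len(password))}
    # Each half is attacked independently, so the costs add, not multiply.
    return {"lm_stored": True, "halves": halves,
            "worst_case_guesses": 2 * candidates(LM_SYMBOLS, HALF_LEN)}


if __name__ == "__main__":
    for pw in ("password1234", "correct horse battery"):  # constructed samples
        print(pw, exposure(pw))
```

The gap between the two results is why disabling LM hash storage, or using passwords of 15 or more characters, removes the weak half-by-half target.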

It is possible to crack passwords of over 15 characters long if you are using NTLM, but most of the rainbow tables available today are not up to cracking 15 characters. The rainbow table itself will have to be massive, which would require a lot of computer processing power to generate, as well as a dedicated data storage center that can hold petabytes of storage space.

Maybe one day, but yes you are right on the LM hashes, it can only crack 7 characters due to its design.


Well, there are a few different programs for brute force. Is there a particular reason you want to use brute force, or are you just looking to gain access to it? As most people have said before, brute force is highly ineffective and time consuming for passwords above 3 characters, but even 3 is pushing it if there is a lock-out after 3 or 5 passwords.

More information is always better.

Guest Deleted_Account

Surprised no one mentioned KonBoot, no bruteforce/rainbow tables needed! As for Ophcrack, throwing a space in USED to prevent cracking, but now at least the Vista tables have space included. I still use a space in there though, as the tables that include it are the 10 GB ones I believe ;p


I agree Ophcrack is the most elegant, especially used with the proper rainbow table. I have a rainbow table that can crack a 20 character password. It requires an 8gig flash drive though. It can use the following characters:

{space} 0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ !"#$%&'()*+,-./:;<=>?@[\]^_`{|}~


I thought Ophcrack could only do up to 14? Is there a new version or did you change some setting in yours to allow 20?


Ophcrack can crack a lot more than just 14 characters if you are using NTLM.

But the only problem is the rainbow tables themselves. They need to be very large in size to be able to crack passwords of great length.

You can also generate your own rainbow table with RTgen.exe, but be advised that it will require a lot of CPU power, and storage as well.

Best to use ntpassword offline if you want to reset the password or change it.


just reset the admin account ffs .... use Hiren's Boot CD ... no real need to brute force

if you're recovering the password for someone then reset their account via the admin

if not just use the admin account to view the other users' files ;)


A real, complete rainbow table built for 20 character passwords with the keyspace you mentioned would be far larger than 8gb I think.
