danielbrthwt, posted June 27, 2010:
Is there a way to brute force into a Windows computer with a USB without having to boot off it?

Sparda, posted June 27, 2010:
Take the hard disk.

Netshroud, posted June 27, 2010:
LOL Sparda, I've never seen a USB crowbar before.

Mr-Protocol, posted June 27, 2010:
I WANT ONE! Slap a Hak.5 sticker on it and put it up on the store.

Infiltrator, posted June 28, 2010 (edited June 28, 2010 by Infiltrator):
> Is there a way to brute force into a Windows computer with a USB without having to boot off it?
A bit tricky though, but it's possible. It could carry a hash dump utility, which extracts the Windows password hash and then saves it to a file. The only problem is that any antivirus software will potentially detect it as a trojan, which could impede it from running and potentially retrieving the hash. You will need to find a way to detect what antivirus the system is running, so it can be disabled beforehand, or you will have to think of other means to bypass any local security. I know it does not sound like brute forcing but it's a way to break into the system.

Netshroud, posted June 28, 2010:
On a more serious note: it could possibly be done with the USB Rubber Ducky.

Sparda, posted June 28, 2010:
The trouble with any type of brute forcing of this manner is that after every 3 or so password attempts you have to wait 30 seconds before the next few attempts.

Mr-Protocol, posted June 28, 2010 (edited June 28, 2010 by Mr-Protocol):
On a serious note. Last I knew, you could run scripts with FireWire because it has direct memory access, I think. Not sure if it's still valid. The best bet would be to boot the machine via the USB version of BackTrack4 and extract the hashes. Take the hashes home and crack them on your own time instead of looking suspicious as hell in front of someone else's computer. I think that meets the requirements of brute forcing and USB :D

psydT0ne, posted June 28, 2010:
What are we trying to do here? Just access the box in general or...? http://pogostick.net/~pnh/ntpasswd/

Wetwork, posted June 29, 2010:
NIIIICCCCEEEE. Might be a little hard to fit in your pocket but I'm sure that Darren can find a place for it next to his droid on his bike!
> Take the hard disk.

Wetwork, posted June 29, 2010:
Use the USB version of Ophcrack. If the system has decent memory you can get the hashes for all passwords within a few min. OR, as previously mentioned, USB BT4 to do the same thing.

sablefoxx, posted June 30, 2010 (edited June 30, 2010 by sablefoxx):
You do not want to 'brute force' into computers; it is one of the least effective ways to go about it and really you'll just be wasting your time. Sure, it has a cool name, but if you have physical access there are far more effective methods than brute force (see above).

Trip, posted June 30, 2010:
oph crack?

Wetwork, posted July 1, 2010 (edited July 1, 2010 by Wetwork):
http://ophcrack.sourceforge.net/ Nuff said
> oph crack?

slayer9019, posted July 29, 2010:
like the rest say... oph crack + usb = in

Infiltrator, posted July 29, 2010:
> oph crack?
The only problem with Ophcrack is that it has limitations on how many characters it can crack. So if your password is over 15 characters it will be useless. Unless you have a lot of processing computer power, you could run a distributed password recovery utility like Elcomsoft Password Recovery software. Or you could just use Offline NT Password to reset the password, which will be a lot simpler.

H@L0_F00, posted July 30, 2010 (edited July 30, 2010 by H@L0_F00):
> The only problem with OPHcrack is that it has limitations on how many characters it can crack. So if your password is over 15 characters it will be useless.
Not entirely true. The Ophcrack XP tables can't crack anything more than 14 characters, but this is only because of the way Windows XP implements its password hashing procedure.
Say your password is "password1234". What happens (as far as I know) is:
"password1234" is split and becomes "passwor" and "d1234"
"passwor" is hashed and stored/compared and "d1234" is separately hashed and stored/compared
Notice how "passwor" is 7 digits. That is how LM hashed passwords are stored in XP. So, if you had a password of 15+, the password cannot be split into 7-chars and 7-chars and is consequently not hashed using LM, but is instead hashed using NTLM. Therefore, it is still possible to crack, you just need the right rainbow tables, but 15+ digits... in rainbow tables... is a whole hell of a lot of space. I just wanted to clear that up a little and kind of explain what was actually going on.

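Added example, not part of H@L0_F00's post or of any tool named in the thread: the split described above and the search-space arithmetic that follows from it, with no hash computed. The upper-casing and NUL padding are standard LM behaviour the post does not mention, and the charset sizes (95 printable ASCII characters, 69 after case folding) and all function names are assumptions made for the illustration.

```python
# Added illustration of the LM password preparation described in the post above.
# It performs only the split and the search-space arithmetic; no hash is computed.

LM_MAX = 14   # longest password that still gets an LM hash
HALF = 7      # each half is hashed on its own

def lm_halves(password):
    """Return the two 7-byte blocks LM hashes separately, or None when the
    password is 15+ characters and therefore only has an NTLM hash."""
    if len(password) > LM_MAX:
        return None
    # LM upper-cases the password and NUL-pads it to 14 bytes before the split
    # (ASCII-only input is assumed here; real LM uses the OEM code page).
    padded = password.upper().encode("ascii").ljust(LM_MAX, b"\x00")
    return padded[:HALF], padded[HALF:]

def keyspace(charset_size, max_len):
    """Number of candidate strings of length 1..max_len over the charset."""
    return sum(charset_size ** n for n in range(1, max_len + 1))

# Assumed charsets: 95 printable ASCII characters, 69 once lower case is folded.
PRINTABLE = 95
LM_CHARSET = PRINTABLE - 26

def lm_search_space():
    """Two independent halves: the work adds, it does not multiply."""
    return 2 * keyspace(LM_CHARSET, HALF)

def ntlm_search_space(max_len=LM_MAX):
    """NTLM hashes the whole case-sensitive password as one unit."""
    return keyspace(PRINTABLE, max_len)

if __name__ == "__main__":
    # Constructed sample passwords; the last one is 15 characters long.
    for pw in ("password1234", "Tr0ub4dor", "a-fifteen-char!"):
        print(pw, "->", lm_halves(pw))
    ratio = ntlm_search_space() // lm_search_space()
    print(f"LM search space:   {lm_search_space():.3e}")
    print(f"NTLM search space: {ntlm_search_space():.3e}")
    print(f"NTLM is roughly {ratio:.1e} times larger")
```

Passwords of 15 or more characters, or the Windows NoLMHash policy, keep the LM value from being stored at all, which leaves only the much larger NTLM search space.
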
Infiltrator, posted July 30, 2010:
> Not entirely true. The Ophcrack XP tables can't crack anything more than 14 characters, but this is only because of the way Windows XP implements its password hashing procedure. Say your password is "password1234". What happens (as far as I know) is: "password1234" is split and becomes "passwor" and "d1234". "passwor" is hashed and stored/compared and "d1234" is separately hashed and stored/compared. Notice how "passwor" is 7 digits. That is how LM hashed passwords are stored in XP. So, if you had a password of 15+, the password cannot be split into 7-chars and 7-chars and is consequently not hashed using LM, but is instead hashed using NTLM. Therefore, it is still possible to crack, you just need the right rainbow tables, but 15+ digits... in rainbow tables... is a whole hell of a lot of space. I just wanted to clear that up a little and kind of explain what was actually going on.
It is possible to crack passwords of over 15 characters long if you are using NTLM, but most of the rainbow tables available today are not up to cracking 15 characters. The rainbow table itself would have to be massive, which would require a lot of computer processing power to generate, as well as a dedicated data storage center that can hold petabytes of storage space. Maybe one day, but yes, you are right on the LM hashes, it can only crack 7 characters due to its design.

BattZ, posted August 2, 2010:
Well, there are a few different programs for brute force. Is there a particular reason you want to use brute force, or are you just looking to gain access to it? As most people have said before, brute force is highly ineffective and time consuming for passwords above 3 characters, but even 3 is pushing it if there is a lock-out after 3 or 5 passwords. More information is always better.

Guest Deleted_Account, posted August 3, 2010:
Surprised no one mentioned KonBoot, no bruteforce/rainbow tables needed! As for Ophcrack, throwing a space in USED to prevent cracking, but now at least the Vista tables have space included. I still use a space in there though, as the tables that include it are the 10 GB ones I believe ;p

Dark Ansi, posted August 7, 2010:
I agree Ophcrack is the most elegant, especially used with the proper rainbow table. I have a rainbow table that can crack a 20 character password. It requires an 8gig flash drive though. It can use the following characters:
{space} 0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ !"#$%&'()*+,-./:;<=>?@[\]^_`{|}~

BattZ, posted August 8, 2010:
I thought Ophcrack could only do up to 14? Is there a new version or did you change some setting in yours to allow 20?

Infiltrator, posted September 3, 2010 (edited September 3, 2010 by Infiltrator):
> I thought ophcrack could only do up to 14? is there a new version or did you change some setting in yours to allow 20?
Ophcrack can crack a lot more than just 14 characters if you are using NTLM. But the only problem is the rainbow tables themselves. They need to be very large in size to be able to crack passwords of great length. You can also generate your own rainbow table with RTgen.exe, but be advised that it will require a lot of CPU power, and storage as well. Best to use ntpassword offline if you want to reset the password or change it.

Trip, posted October 13, 2010 (edited October 13, 2010 by Trip):
just reset the admin account ffs .... use Hiren's Boot CD ... no real need to brute force. If you're recovering the password for someone then reset their account via the admin; if not, just use the admin account to view the other users' files ;)

hexophrenic, posted October 13, 2010:
A real, complete rainbow table built for 20 character passwords with the keyspace you mentioned would be far larger than 8gb I think.