Sam Cracking

[G-Stress]

I'm building a box to crack ntlm hashes and ive seen numerous BackTrack videos on this. Would BackTrack be the best method to use on a box just to crack hashes? Also I thought using backtrack and mounting the ntfs partition i could just easily copy the SAM file for later cracking? I tried doing do and was able to copy the file, but i tried running it against a gui install of ophcrack in windows and it gave an error.

Is it possible to say copy the Sam file to a USB, email, upload it somehow to put against a brute or rainbow table attack?

[Infiltrator]

I'm building a box to crack ntlm hashes and ive seen numerous BackTrack videos on this. Would BackTrack be the best method to use on a box just to crack hashes? Also I thought using backtrack and mounting the ntfs partition i could just easily copy the SAM file for later cracking? I tried doing do and was able to copy the file, but i tried running it against a gui install of ophcrack in windows and it gave an error.

Is it possible to say copy the Sam file to a USB, email, upload it somehow to put against a brute or rainbow table attack?

1) you can use the live CD of ophcrack to save the hashes to an USB and then import them into a password cracking program.

2) or use pwddump to dump the hashes out sams, but you will need to have an admin account and be logged onto the system, plus you will need to turn off any security essential software.

[digip]

Dump the hashes while logged into linux, then crack withe whatever software of your choice. If Ophcrack isn't cracking them, either the passwords are over 14 characters in NTLM format, or it doesn't have the pass in its tables. Try oclHashcat if you have a cuda based card, and it should do the job in no time by brute forcing it through the GPU. The other option is just searching for the hash online, as there are many sites that contain cracked hashes already, so you don't need to do it twice. ex: http://cracker.offensive-security.com/, http://www.md5decrypter.co.uk/ntlm-decrypt.aspx

[G-Stress]

Sweet! Thanks guys. Isn't there a way to dump the hashes in BackTrack to USB? I don't know how I didn't realize the option was available in Ophcrack. 1 other question, this box is strictly going to be for this purpose, do you think it would be better to install BackTrack to the hard drive vs building a VM to do so?

2 server's at hand debating which one to use for this purpose. IBM x346 series with dual 3.2 xeon's I believe, 8GB ram or a PowerEdge R200 1.8 celeron with 4GB of ram. I've read a bit about the cuda method and if I can find a cuda capable card to fit in either of these server's then I will definitely throw one in.

[Infiltrator]

Sweet! Thanks guys. Isn't there a way to dump the hashes in BackTrack to USB? I don't know how I didn't realize the option was available in Ophcrack. 1 other question, this box is strictly going to be for this purpose, do you think it would be better to install BackTrack to the hard drive vs building a VM to do so?

2 server's at hand debating which one to use for this purpose. IBM x346 series with dual 3.2 xeon's I believe, 8GB ram or a PowerEdge R200 1.8 celeron with 4GB of ram. I've read a bit about the cuda method and if I can find a cuda capable card to fit in either of these server's then I will definitely throw one in.

1) If you use metasploit in backtrack to exploit a vulnerability in a xp box, then yes you can dump the hashes in backtrack and save them to an USB. I mean that's one way for dumping the hashes.

2) For the server specs I would go with the IBM x346, since it supports dual 3.2 xeon's cpu, and it has more power than the Dell poweredge.

[Mr-Protocol]

GPU cracking FTW

[G-Stress]

Ok thanks for all the info guys. Last stll exist. Would you guys recommend setting this box up via a VM on the IBM or a hdd install? I was thinking a VM with about 4GB Ram dedicated and a cuda based vid card if I could find one capable for the IBM server. This server is in a rack and would do nothing but cracking so leaving it cracking for days against a pass file is not a problem.

[Infiltrator]

Ok thanks for all the info guys. Last stll exist. Would you guys recommend setting this box up via a VM on the IBM or a hdd install? I was thinking a VM with about 4GB Ram dedicated and a cuda based vid card if I could find one capable for the IBM server. This server is in a rack and would do nothing but cracking so leaving it cracking for days against a pass file is not a problem.

You can try cracking hashes in a VM, but I doubt the virtual machine will have the performance required to crack the hashes. I would recommend having a separate box running an OS like Windows or Linux and with at least x2 or x3 Nvidia graphics card.

[digip]

Ok thanks for all the info guys. Last stll exist. Would you guys recommend setting this box up via a VM on the IBM or a hdd install? I was thinking a VM with about 4GB Ram dedicated and a cuda based vid card if I could find one capable for the IBM server. This server is in a rack and would do nothing but cracking so leaving it cracking for days against a pass file is not a problem.

Native install, not a VM, since VMs use the video driver supplied by the hyper visor, I don't think you can get something like oclHashCat to speak to the GPU in the same manner as you can from a native install because of how it speaks to the card. VMware 7 has GPU acceleration, but I don't believe it allows for native CUDA acceleration on top of that. Either way, this should be a machine dedicated to just this if that is the case, since these are hardware and resource intensive, a box with a few cuda based cards would be what you want. I don't think VMware gives you access to multiple GPUs either, but don't quote me on that, I've not actually tried telling a VM to use multiple cards. I think you can assign individual VMs to specific cards though for dedicated use on multiple screens, but again, don't quote me on that.

[buffy]

The cheapest way to crack passwords is currently cloud space...

http://www.theregister.co.uk/2011/01/11/amazon_cloud_wifi_cracking/