_m3x_ Posted June 29, 2011 Share Posted June 29, 2011 Hi, Srry if i post it in the wrong area but i search in the forum and no Luck..... I'm trying to crack my windows 7 username password (yeah i know why? right) I was bored and decided to test my Password strength.. i have susefully cracked my password in the pass (WinXP).. 1.) I try using CHNTPW, but no luck. [ sudo chntpw -u User SAM ] and clear the password.. but When i log in the password is still there.. 2.) I also try using Kon-Boot, No luck.. When i bot up the computer from the USB drive > Kon-Boot > from hd1 everything seems to be working well but when its trying to load, i get a F***IN "BSOD" (personally am tired of the color Blue lol) > i get a BSOD saying that "error occurred while trying to write read only Memory.. or sumthing like that.. 3.) i try using bkhive, and sambump2, and JTR.. Is it just me or Windows Up'd there security!! Any suggestions? btw the password is a simple password [fkraiders] Quote Link to comment Share on other sites More sharing options...
abferm Posted June 29, 2011 Share Posted June 29, 2011 If you can't find tools for this on your own, then you don't need to have them. Kon-Boot should have worked unless you are using the 64-bit version of Windows 7. Quote Link to comment Share on other sites More sharing options...
_m3x_ Posted June 29, 2011 Author Share Posted June 29, 2011 If you can't find tools for this on your own, then you don't need to have them. Kon-Boot should have worked unless you are using the 64-bit version of Windows 7. Im running Windows 7 [32b] Quote Link to comment Share on other sites More sharing options...
abferm Posted June 29, 2011 Share Posted June 29, 2011 Tools for the SAM that work with XP probably won't work since they changed the way the hashes work starting with Vista. A Vista tool should work. How old is your version of Kon-Boot? I just used Kon-Boot on a Windows 7 machine a couple days ago and it worked fine. That is all the help I will give you. Quote Link to comment Share on other sites More sharing options...
_m3x_ Posted June 29, 2011 Author Share Posted June 29, 2011 i Got the lates kon-boot v1.1, i might test it on another machine, and diff USB drive.. far as i know i have the lates uptodate tools.. thx for the reply.. Quote Link to comment Share on other sites More sharing options...
Infiltrator Posted June 29, 2011 Share Posted June 29, 2011 There is also Ophcrack that you could try. But if your password is longer than 8 characters and contains special characters, then it would be useless. Quote Link to comment Share on other sites More sharing options...
digip Posted June 30, 2011 Share Posted June 30, 2011 (edited) There is also Ophcrack that you could try. But if your password is longer than 8 characters and contains special characters, then it would be useless. ophcrack will work up to 14 characters with no issues, depending on the hash type, NTLM vs LM. Edited June 30, 2011 by digip Quote Link to comment Share on other sites More sharing options...
Infiltrator Posted June 30, 2011 Share Posted June 30, 2011 ophcrack will work up to 14 characters with no issues, depending on the hash type, NTLM vs LM. Agree, it can crack up to 14 characters with no issues, but don't expect the rainbow tables size to be small. For instance a table with the following charset, would be around 36.4GB in size. Plus generating a rainbow table this size would take some time, in addition it can only crack up to 7 characters, which would be ineffective if the OP's password is over 7 characters long and contains certain special characters. Charset: 0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ !"#$%&'()*+,-./:;<=>?@[\]^_`{|}~ (including the space character) Quote Link to comment Share on other sites More sharing options...
digip Posted June 30, 2011 Share Posted June 30, 2011 All you need to do is boot off bt5, dump the sam hashses, then google them. Majority of every password combination exists out there somewhere. Plenty of online crackers with search capabilities. I've been just entering MD5's lately into google, and its showing me the cracked hashes half the time. Same should work for windows hashes too, but if nto, just google for NTLM crackers, and they might have it in a table already. Quote Link to comment Share on other sites More sharing options...
_m3x_ Posted June 30, 2011 Author Share Posted June 30, 2011 There is also Ophcrack that you could try. But if your password is longer than 8 characters and contains special characters, then it would be useless. i try ed it already, Didn't work.. im just wondering why do i get a BSOD when booting with Kon-Boot.. Quote Link to comment Share on other sites More sharing options...
abferm Posted June 30, 2011 Share Posted June 30, 2011 (edited) How much RAM does the PC have? Does your CD drive have problems? Edited June 30, 2011 by abferm Quote Link to comment Share on other sites More sharing options...
_m3x_ Posted July 1, 2011 Author Share Posted July 1, 2011 How much RAM does the PC have? Does your CD drive have problems? I have 2GB, and no am booting from a USB Drive.. Quote Link to comment Share on other sites More sharing options...
_m3x_ Posted July 1, 2011 Author Share Posted July 1, 2011 i found This on the Web... "Because of the BIOS memory injection it appears to perform, some system BIOS’s may not be supported and could cause Kon-Boot to fail. So it isn’t a 100% success in all possible conditions. Also some users have said it BSOD their systems in various comments around the web. Some have even reported it nuked their systems for unknown reasons." Source i guess am one of the lucky ones :) Quote Link to comment Share on other sites More sharing options...
Infiltrator Posted July 3, 2011 Share Posted July 3, 2011 Another way to test how secure your password really is by brute forcing it with HashCat or looking up your hash on the internet as Digip suggested before. Quote Link to comment Share on other sites More sharing options...
_m3x_ Posted July 3, 2011 Author Share Posted July 3, 2011 Another way to test how secure your password really is by brute forcing it with HashCat or looking up your hash on the internet as Digip suggested before. Never used HashCat, but i am goin to try google-in the hashes thx for the replys.. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.