mango Posted September 10, 2006 Share Posted September 10, 2006 all the episodes talk aout getting the hash thing if ur the administrator, put if ur not the administrator how would you go around gettin the hash thingy another way Quote Link to comment Share on other sites More sharing options...
Sammael Posted September 10, 2006 Share Posted September 10, 2006 From here 2) Dude, where’s my hash?Now that you’ve got Ophcrack and rainbow tables installed, you’ll need hashes. There are three places to find them on Windows XP: * In the folder C:windowssystem32config. This folder is locked to all accounts (including an Administrator account) while running, except the special System account. * In a SAM file from C:windowsrepair if rdisk has ever run * In the registry, under HKEY_LOCAL_MACHINESAM, which is locked to all accounts This doesn’t look good for retreiving the windows hashes! Well, to work around the built-in windows protections, we can recover hashes by the following techniques: * Boot to linux and copy the file directly from C:windowssystem32config. This is probably too troublesome for most users, but with a liveCD it’s trivial. * Run pwdump2, including in Ophcrack, to trick out the registry values. If you didn’t change any settings, it should be installed in C:Program Filesophcrackwin32_tools. Here’s an example session from the command line (start, run, type “cmd†and hit enter): C:Documents and SettingsElliott Back>cd “C:Program Filesophcrackwin32_tools†C:Program Filesophcrackwin32_tools>pwdump2 Administrator:499:aabbcc:3311dd::: Elliott Back:234:aabbcc:3311dd::: C:Program Filesophcrackwin32_tools> Naturally, I’ve censored the hashes and the number of users. If you’d like some hashes to play with, here are hashes for users with passwords varying from length from 1 to 7 characters long: test-hashes.txt. It is the second on a google search for "how to get windows hashes". Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.