Jump to content

Windows hashes


Recommended Posts

From here

2) Dude, where’s my hash?

Now that you’ve got Ophcrack and rainbow tables installed, you’ll need hashes. There are three places to find them on Windows XP:

* In the folder C:windowssystem32config. This folder is locked to all accounts (including an Administrator account) while running, except the special System account.

* In a SAM file from C:windowsrepair if rdisk has ever run

* In the registry, under HKEY_LOCAL_MACHINESAM, which is locked to all accounts

This doesn’t look good for retreiving the windows hashes! Well, to work around the built-in windows protections, we can recover hashes by the following techniques:

* Boot to linux and copy the file directly from C:windowssystem32config. This is probably too troublesome for most users, but with a liveCD it’s trivial.

* Run pwdump2, including in Ophcrack, to trick out the registry values. If you didn’t change any settings, it should be installed in C:Program Filesophcrackwin32_tools. Here’s an example session from the command line (start, run, type “cmd†and hit enter):

C:Documents and SettingsElliott Back>cd “C:Program Filesophcrackwin32_toolsâ€

C:Program Filesophcrackwin32_tools>pwdump2


Elliott Back:234:aabbcc:3311dd:::

C:Program Filesophcrackwin32_tools>

Naturally, I’ve censored the hashes and the number of users. If you’d like some hashes to play with, here are hashes for users with passwords varying from length from 1 to 7 characters long: test-hashes.txt.

It is the second on a google search for "how to get windows hashes".

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Create New...