
Windows LM error?


cheers12


Hi, I have been trying to hack into my own computer for a penetration test but I found something strange about the LM I am trying to crack

Administrator:500:aad3b435b51404eeaad3b435b51404ee::::
No password for user Administrator(500)
Guest:501:aad3b435b51404eeaad3b435b51404ee::::
No password for user Guest(501)
HelpAssistant:1000:ddb78c747f0f0851cf29c2aea1f1547c:49b99f049aa622309f0b0519d314c30b:::
SUPPORT_388945a0:1002:aad3b435b51404eeaad3b435b51404ee::::
No password for user SUPPORT_388945a0(1002)
Lewis:1003:aad3b435b51404eeaad3b435b51404ee::::
No password for user Lewis(1003)

I am sure there are passwords set for all accounts. Can anyone help me? (I am using Backtrack2 with Bkhive and samdump2 and www.plain-text.info)

Link to comment
Share on other sites

Just noticed that Cain will now crash my pc when trying to run LSA Secrets. Microshit must have changed something in lsass.exe during their last month of patches. Anyone else run into this problem?

I am trying http://sourceforge.net/project/showfiles.p...ckage_id=167699 to see if I can recover them. I created an empty account to see what the hash comes back as, but since cain isn't working I need some other way to verify what it is.

Link to comment
Share on other sites

Yeah, "aad3b435b51404eeaad3b435b51404ee" is definitely an empty string, as in NO password is set for them. Just verified it against the guest account on my system. What did you use to dump them with?

I used the Ophcrack Live CD to get passwords, but you can also DUMP the sam file and get the LM Hashes as well with a little bit of playing.

Once the CD loads on boot, it will automatically start cracking the LM hashes, but the problem is it won't find passwords for hashes longer than 14 characters, and I used *'s in the file so it didn't even see them. Told me there was no password set for the account.

So, to get the hashes it didn't see or crack, I searched the hard drive and used BKHive and SAMDUMP2 to get the hashes.

in a terminal window cd /mnt/hda1/windows/system32/config

run: bkhive SYSTEM > /home/temp.txt

(we're using /home/temp.txt because if you try to do it where you are it gets a write error, and since we're in a live cd environment we write it to our virtual home directory)

then: samdump2 SAM /home/temp.txt > /home/hashes.txt

I then ftp'd it to my site to download but if you have a usb stick you can copy it over to the usb drive and then reboot back into windows and copy it off the usb drive.

It did find the hashes for my password that contained *'s but did not crack them using ophcrack because the tables it came with are limited to fit on a cdrom. You could install the full version and download all the tables from the internet and then import your harvested hashes into ophcrack but most of the time, it will get you a login to at least get onto the box.

Link to comment
Share on other sites

this is what i typed into the konsole

Bkhive ncuomo@studenti.unina.it

Usage:
bkhive systemhive keyfile
bt ~ # samdump2
Samdump2 ncuomo@studenti.unina.it
This product includes cryptographic software written
by Eric Young (eay@cryptsoft.com)

Usage:
samdump2 samhive keyfile
bt ~ # bkhive /mnt/hda1/WINDOWS/system32/config/system key
Bkhive ncuomo@studenti.unina.it

Bootkey: ae8961060eb3c10905d33e3a9642441c
bt ~ # ls
Desktop/  Set IP address  key  sample_scripts/
bt ~ # samdump2 /mnt/hda1/WINDOWS/system32/config/SAM key
Samdump2 ncuomo@studenti.unina.it
This product includes cryptographic software written
by Eric Young (eay@cryptsoft.com)

Administrator:500:aad3b435b51404eeaad3b435b51404ee::::
No password for user Administrator(500)
Guest:501:aad3b435b51404eeaad3b435b51404ee::::
No password for user Guest(501)
HelpAssistant:1000:66fd5d21ed6da6a466ecaa3d454974cf:a338396acb83ec16f1a14179f9a254bf:::
SUPPORT_388945a0:1002:aad3b435b51404eeaad3b435b51404ee::::
No password for user SUPPORT_388945a0(1002)
Lewis:1003:aad3b435b51404eeaad3b435b51404ee::::
No password for user Lewis(1003)
bt ~ #

what did i do wrong?

Link to comment
Share on other sites

this is what i typed into the konsole

Bkhive ncuomo@studenti.unina.it

Usage:
bkhive systemhive keyfile
bt ~ # samdump2
Samdump2 ncuomo@studenti.unina.it
This product includes cryptographic software written
by Eric Young (eay@cryptsoft.com)

Usage:
samdump2 samhive keyfile
bt ~ # bkhive /mnt/hda1/WINDOWS/system32/config/system key
Bkhive ncuomo@studenti.unina.it

Bootkey: ae8961060eb3c10905d33e3a9642441c
bt ~ # ls
Desktop/  Set IP address  key  sample_scripts/
bt ~ # samdump2 /mnt/hda1/WINDOWS/system32/config/SAM key
Samdump2 ncuomo@studenti.unina.it
This product includes cryptographic software written
by Eric Young (eay@cryptsoft.com)

Administrator:500:aad3b435b51404eeaad3b435b51404ee::::
No password for user Administrator(500)
Guest:501:aad3b435b51404eeaad3b435b51404ee::::
No password for user Guest(501)
HelpAssistant:1000:66fd5d21ed6da6a466ecaa3d454974cf:a338396acb83ec16f1a14179f9a254bf:::
SUPPORT_388945a0:1002:aad3b435b51404eeaad3b435b51404ee::::
No password for user SUPPORT_388945a0(1002)
Lewis:1003:aad3b435b51404eeaad3b435b51404ee::::
No password for user Lewis(1003)
bt ~ #

what did i do wrong?

Few things.

#1 If you're using the ophcrack live cd, you can't write to the hard drive, only to the virtual home directory in ophcrack.

#2 You need to be in the path of windows/system32/config

#3 You're getting the usage prompt because you're typing in the command wrong or it isn't being done against the correct file in that directory

-do an ls and see if you get a listing that includes the SAM file. If so, you should be in the windows/system32/config and you can continue with:

bkhive SYSTEM > /home/temp.txt

the above dumps a temp file to the home directory which will be the keyfile (use SYSTEM, not an email address)

then:

samdump2 SAM /home/temp.txt > /home/hashes.txt

now cd to /home/ and do an ls and you will see the hashes.txt file. Copy it to a usb drive or FTP it somewhere on the internet to retrieve.

If you have another version of linux you can install BKHive and Samdump2 to any other linux installation or add it to another live cd. This would be good because I noticed that none of the programs on the ophcrack cd seem to work (at least none of the ones from the gui menu, but ftp and terminal do work as well as the automatic cracking program).

It also looks like you got a dump of the file, but there is no password set for the accounts Administrator or Lewis, so I don't see where you need to take this further. If it was your pc, you should know whether there are passwords set for each account.

Link to comment
Share on other sites

Just noticed that Cain will now crash my pc when trying to run LSA Secrets. Microshit must have changed something in lsass.exe during their last month of patches. Anyone else run into this problem?

I am trying http://sourceforge.net/project/showfiles.p...ckage_id=167699 to see if I can recover them. I created an empty account to see what the hash comes back as, but since cain isn't working I need some other way to verify what it is.

Yeah, I noticed this while plugging in my switchblade, I tried to get some files off of it, but it gave me 1 minute to end all my tasks before a reboot, most annoying. I didn't even agree to the update. :x

Link to comment
Share on other sites

Yeah, I noticed this while plugging in my switchblade, I tried to get some files off of it, but it gave me 1 minute to end all my tasks before a reboot, most annoying. I didn't even agree to the update. :x

That's why I used the ophcrack live cd to dump the hashes it didn't crack on its own. I sadly cannot get it to work from a usb drive. My pc says it will boot from a usb drive, but I think I may need a U3 drive for it to work, as it never sees it during boot. It does let me change it in the bios to boot from usb and I can tell it to act as either a floppy or a hard drive, but neither setting works. I was however able to send files to the usb drive once I was logged into ophcrack from the cd drive, so if you carry the cd and a usb stick together you can save the hashes to take home with you. Not as convenient as a switchblade, because you have to reboot and set the bios to boot from cd (if it even has the option) but it works and that is all that matters.

Maybe come up with an alternative to the switchblade and use live cd's in combo with a usb stick, like a bart pe version of windows xp to access the drive using the normal explorer shell and then copying all the files you want to the switchblade or run something from it to take control of the host system.

since cain crashes windows it kind of defeats the purpose of having it on a usb stick, but it might be good just to have it crash windows and then pop in the ophcrack cd to do what you want. I wonder if an automated cain switchblade to grab the lsa secrets will still crash it if the screen saver is running. might be useful to cause it to crash the system.

Link to comment
Share on other sites

Few things.

#1 If you're using the ophcrack live cd, you can't write to the hard drive, only to the virtual home directory in ophcrack.

#2 You need to be in the path of windows/system32/config

#3 You're getting the usage prompt because you're typing in the command wrong or it isn't being done against the correct file in that directory

-do an ls and see if you get a listing that includes the SAM file. If so, you should be in the windows/system32/config and you can continue with:

bkhive SYSTEM > /home/temp.txt

the above dumps a temp file to the home directory which will be the keyfile (use SYSTEM, not an email address)

then:

samdump2 SAM /home/temp.txt > /home/hashes.txt

now cd to /home/ and do an ls and you will see the hashes.txt file. Copy it to a usb drive or FTP it somewhere on the internet to retrieve.

If you have another version of linux you can install BKHive and Samdump2 to any other linux installation or add it to another live cd. This would be good because I noticed that none of the programs on the ophcrack cd seem to work (at least none of the ones from the gui menu, but ftp and terminal do work as well as the automatic cracking program).

It also looks like you got a dump of the file, but there is no password set for the accounts Administrator or Lewis, so I don't see where you need to take this further. If it was your pc, you should know whether there are passwords set for each account.

i am using backtrack2 and i just wanna get the password for the accounts...cuz im locked out....btw i followed the instruction from the iron geek website, http://www.irongeek.com/i.php?page=videos/backtrackplaintext

Link to comment
Share on other sites

hmm, are u sure this is ur Computer? if so, run a copy of SAM LIVE, and just change ur Password via that, if ur locked out, though if ur on say a skool PC, they will not be using the SAM at all.

I think: I am sure there are passwords set for all accounts. Can anyone help me?

kinda says it all. It's obviously not his pc, or he would know that there are no passwords set for these accounts. And if it's something like a netware logon, it's not going to have access to the network just by logging into windows alone and bypassing Novell or whatever they use.

Link to comment
Share on other sites

^^ someone got where i was coming from, Novell doesn't store any Pass's in the SAM, and if the security is right for a skool they will also be using something like DeepFreeze or HDGuard, so all secrets aren't there either.

I posted what i said b4 because of irregularities in cheers12's posts, same for many new members.

Also just a note, Windows Active Login, also doesn't store in the SAM :P and to anyone using it shame :mad:

Link to comment
Share on other sites

lol guys...this is actually my dad's computer and i just want access to it....cuz im locked out all day...so can anyone help me instead of questioning my motives?

If you haven't tried it yet, boot into safemode and see what happens...

What is it that's locked out? How is it locked? Does it require a password from boot, or does he have an administrator lock on while it is up and running?

Seriously, if you wanted access to a file or something, you could just use a live cd to copy it somewhere, but if he is using something other than Windows default for the login procedure, like Novell, then you need to tell us these things, as we have no idea what he is using to lock down the pc.

Also, I think if your father is smart enough to not cache the passwords from the SAM files using something like Novell, etc.., then he is probably smart enough to find out when you try to mess with his pc. If you were my kid and I had reason to restrict you from my computer, you would think twice about messing with my things. I don't know your father, but what's to say he won't give you a beat down if he catches you f*ing with his things? Don't do something you're going to regret.

Link to comment
Share on other sites

lol guys...this is actually my dad's computer and i just want access to it....cuz im locked out all day...so can anyone help me instead of questioning my motives?

we question ur motives because we dont like skiddies.

If this really is ur dads PC, then u will know if he is using Novell, or an Active Server to log into his rig, if hes not, then i would say he has changed the way MS stores his Keys. Such as http://support.microsoft.com/kb/299656 if he has gone to the troubles of this, then i suggest that u dont even try to use his PC y he isnt there.

If its what i think and this isnt ur PC at all, then i suggest u give up now, there is no way to hack a Novell server via skiddie means like most other Non-windows based LAN setups.

Link to comment
Share on other sites

I am sure that my dad isnt running any novell netware or anything similar to that...i actually got in before TWICE by finding his LM hash and cracking it...but it doesnt work now....maybe a key logger would work

Can't you just ask your dad to set up an account for you?

Link to comment
Share on other sites

Can't you just ask your dad to set up an account for you?

I think it's obvious his dad (if that's even true) doesn't want him using it...

Link to comment
Share on other sites

wow guys...is this a hacker forum or a moral issue forum?

I wouldn't call this a "hacker forum" but if you search around a bit you can find a lot of useful information, I would also listen to these people as you can get into a lot of trouble for "hacking". Which reminds me what happened to the good ol' days where you actually had to know something about a computer to "hack" it?

But in answer to your blank LM hash, you will find if a password is longer than 14 characters there is no LM hash stored

Link to comment
Share on other sites

wow guys...is this a hacker forum or a moral issue forum?

I wouldn't call this a "hacker forum" but if you search around a bit you can find a lot of useful information, I would also listen to these people as you can get into a lot of trouble for "hacking". Which reminds me what happened to the good ol' days where you actually had to know something about a computer to "hack" it?

But in answer to your blank LM hash, you will find if a password is longer than 14 characters there is no LM hash stored

"If this is the case, you will need to audit your password hashes against the NTLM character set."

http://rainbowcrack.com/help/faqs.php?PHPS...d01cc5939412#14 chars

Link to comment
Share on other sites
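
An added example, not part of any post in this thread: a small audit script that reads pwdump-style output like the dump above and separates "blank LM field" from "no password", which is the point the thread ends on. The label names are made up for this example, and the `alice` and `bob` lines are constructed sample data; the other sample lines are copied from the dump in the first post.

```python
import re

BLANK_LM = "aad3b435b51404eeaad3b435b51404ee"  # LM hash of an empty string
EMPTY_NT = "31d6cfe0d16ae931b73c59d7e0c089c0"  # NT hash (MD4) of an empty string
HEX32 = re.compile(r"^[0-9a-f]{32}$")


def classify(lm, nt):
    """Return an audit label (names are this example's own) for one account."""
    lm, nt = lm.lower(), nt.lower()
    if HEX32.match(lm) and lm != BLANK_LM:
        return "LM_STORED"           # legacy LM hash is on disk: remediate
    if not HEX32.match(nt):
        return "UNDETERMINED"        # blank LM and the dump shows no NT hash
    if nt == EMPTY_NT:
        return "EMPTY_PASSWORD"      # both fields are the empty-string hashes
    # Password exists but no LM hash was kept, e.g. it is longer than
    # 14 characters or LM hash storage has been disabled.
    return "PASSWORD_SET_NO_LM"


def audit(dump_text):
    """Parse pwdump-style text (name:rid:lm:nt:::) into {account: label}."""
    results = {}
    for line in dump_text.splitlines():
        parts = line.strip().split(":")
        # Skip banners and messages such as "No password for user ...".
        if len(parts) < 4 or not parts[1].isdigit():
            continue
        results[parts[0]] = classify(parts[2], parts[3])
    return results


# First three lines are from the thread; alice and bob are constructed.
SAMPLE = """\
Administrator:500:aad3b435b51404eeaad3b435b51404ee::::
No password for user Administrator(500)
HelpAssistant:1000:ddb78c747f0f0851cf29c2aea1f1547c:49b99f049aa622309f0b0519d314c30b:::
alice:1004:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
bob:1005:aad3b435b51404eeaad3b435b51404ee:0123456789abcdef0123456789abcdef:::
"""

if __name__ == "__main__":
    for account, label in audit(SAMPLE).items():
        print(f"{account:15} {label}")
```

For the dump in this thread every user account comes out as `UNDETERMINED`: the LM field is blank and no NT hash was printed, so the output alone cannot confirm that no password is set.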
