Welcome back, my neophyte hackers!
Several of you have written me asking how to crack passwords. The answer, in part, depends upon whether you have physical access to the computer, what operating system you are running, and how strong the passwords are.
In this first installment on password cracking, we’ll assume the simplest arrangement: you’re running Windows, attacking Windows, and have physical access to the computer whose passwords you’re attempting to crack.
In future installments, we’ll look at cracking passwords remotely, cracking them with and on Linux operating systems, and cracking famous web applications such as Gmail and Facebook, so keep coming back!
Windows systems encrypt user passwords and store them in a file named SAM, located in the following directory:
We can also grab the hashes without Metasploit if we have physical access to a computer on the network. This can be done with a neat piece of software called pwdump3. It’s installed on BackTrack already, but you can download it for free on Windows using the link below.