Welcome back, my neophyte hackers!

Several of you have written me asking how to crack passwords. The answer, in part, depends upon whether you have physical access to the computer, what operating system you are running, and how strong the passwords are.

In this first installment on password cracking, we’ll assume the simplest arrangement: you’re running Windows, attacking Windows, and have physical access to the computer whose passwords you’re attempting to crack.

In future installments, we’ll look at cracking passwords remotely, cracking them with and on Linux operating systems, and cracking famous web applications such as Gmail and Facebook, so keep coming back!

Step 1: Download Pwdump3

Windows systems store user passwords as hashes in a file named SAM, located in the following directory:

  • c:\Windows\system32\config

The first thing we need to do is grab this file. In an earlier article, we used Metasploit to hack into the malicious dictator’s computer and grab his password hashes.

We can also grab the hashes without Metasploit if we have physical access to a computer on the network. This can be done with a neat piece of software called pwdump3. It’s installed on BackTrack already, but you can download it for free on Windows using the link below.
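A defender's view of the same file, as an added example that is not part of the original article: assuming object-access auditing is enabled on the SAM file so that Windows logs event 4663 for it, this Python check flags reads of the hive by unexpected processes. The expected-process list, the sample events and the process names dumper.exe and viewer.exe are constructed for illustration.

```python
import re

# SAM hive location as given in the article (Windows paths are case-insensitive).
SAM_PATH = r"\windows\system32\config\sam"
# Assumption: processes expected to open the hive on this host; tune per environment.
EXPECTED_PROCESSES = {r"\windows\system32\lsass.exe"}
# Drive-letter or NT device prefix, e.g. "C:" or "\Device\HarddiskVolume2".
_PREFIX = re.compile(r"^(?:[a-z]:|\\device\\harddiskvolume\d+)(?=\\)")
READ_DATA = 0x1  # ReadData bit in the AccessMask field of event 4663


def normalize(path):
    """Lower-case a path and drop its volume prefix so both forms compare equal."""
    return _PREFIX.sub("", path.strip().lower())


def suspicious_sam_reads(events):
    """Return 4663 events where an unexpected process read the SAM hive."""
    hits = []
    for ev in events:
        if ev.get("EventID") != 4663:
            continue
        if normalize(ev.get("ObjectName", "")) != SAM_PATH:
            continue  # exact match only, so SAM.LOG and other siblings are ignored
        if not int(ev.get("AccessMask", "0x0"), 16) & READ_DATA:
            continue  # no read of file contents requested
        if normalize(ev.get("ProcessName", "")) in EXPECTED_PROCESSES:
            continue
        hits.append(ev)
    return hits


# Constructed sample events (not captured from a real host).
SAMPLE_EVENTS = [
    {"EventID": 4663, "SubjectUserName": "SYSTEM", "AccessMask": "0x1",
     "ObjectName": r"C:\Windows\System32\config\SAM", "ProcessName": r"C:\Windows\System32\lsass.exe"},
    {"EventID": 4663, "SubjectUserName": "labuser", "AccessMask": "0x1",
     "ObjectName": r"\Device\HarddiskVolume2\WINDOWS\system32\config\SAM", "ProcessName": r"C:\Tools\dumper.exe"},
    {"EventID": 4663, "SubjectUserName": "labuser", "AccessMask": "0x1",
     "ObjectName": r"C:\Windows\System32\config\SAM.LOG", "ProcessName": r"C:\Tools\viewer.exe"},
    {"EventID": 4663, "SubjectUserName": "labuser", "AccessMask": "0x2",
     "ObjectName": r"C:\Windows\System32\config\SAM", "ProcessName": r"C:\Tools\viewer.exe"},
]

if __name__ == "__main__":
    for ev in suspicious_sam_reads(SAMPLE_EVENTS):
        print(f"ALERT: {ev['SubjectUserName']} read SAM via {ev['ProcessName']}")
```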
