How to Grab & Crack Encrypted Windows Passwords (Part 2)
Welcome back, my neophyte hackers!
Several of you have written me asking how to crack passwords. The answer, in part, depends upon whether you have physical access to the computer, what operating system you are running, and how strong the passwords are.
In this first installment on password cracking, we’ll assume the simplest arrangement; you’re running Windows, attacking Windows, and have physical access to the computer whose passwords you’re attempting to crack.
In future installments, we’ll look at cracking passwords remotely, with and on Linux operating systems, and cracking famous web applications such as Gmail and Facebook, so keep coming back!
Step 1 Download Pwdump3
Windows systems encrypt user passwords and store them in a file named SAM and store them in the following directory:
The first thing we need to do is grab this file. In an earlier article, we used Metasploit to hack into the malicious dictator’s computer and grab his password hashes.
We can also grab the hashes without Metasploit if we have physical access to a computer on the network. This can be done with a neat piece of software called pwdump3. It’s installed on BackTrack already, but you can download it for free on Windows using the link below.