96 Comments
- praveenmarkandu, on 10/11/2007, -0/+65 wouldn't ophcrack be better?
- carbonfree314, on 10/10/2007, -4/+53 Keep him at 0.
- firefox15, on 10/11/2007, -1/+35 Actually, it's much faster to just reset the password rather than crack it. As long as you don't have any encrypted files, it works great.
http://home.eunet.no/pnordahl/ntpasswd/
- richgustavson, on 10/10/2007, -1/+19 LC5 has been out for years...how is this news?
- nthitz, on 10/10/2007, -0/+17 I find that it is a lot faster and more reliable, the only flaw is you have to download like a 500 mb rainbow table. But it's worth it.
http://ophcrack.sourceforge.net/
- crossmr, on 10/10/2007, -0/+15 "System administrators can find weak passwords within minutes. Sys admins can then change the passwords to make them more secure."
A good administrator uses active directories group policies to set complexity requirements.
- Piyh, on 10/10/2007, -0/+13 Don't worry we aren't reading your mind, we're simply watching your every move.
- junkalam, on 10/10/2007, -6/+18 http://www.duggmirror.com/security/Crack_Windows_Passwords_With_LC5/
(this isn't comment abuse and I'm not sorry)
- dralezero, on 10/10/2007, -0/+11 You're not supposed to be hacking it's supposed to be for personal use ;)
- xShad0w, on 10/10/2007, -2/+11 Yea but then people will know that they got hacked, this leaves no trace theoretically speaking
- modpancake, on 10/10/2007, -0/+9 This is classic. Back in 2003, three friends dumped the passwords to every account on my former high school's network. They used pwdump and LC3. They would not have been caught if not for their printed lists. They were minors at the time, though, so not a whole lot happened as a result.
- TimboTheGreat, on 10/10/2007, -0/+8 @ GonadHunter
What about just booting normally, going into the admin account and stripping the password?
- moo2u2, on 10/10/2007, -1/+9 man lc5's been around for ages
don't you need to have admin privileges to install anyway?
- bobbothegrayson, on 10/10/2007, -1/+8 but how the hell do you use it?
- Lane, on 10/10/2007, -1/+8 if you end up changing the password then any encrypted files will never be recoverable.
- inactive, on 10/10/2007, -0/+6 Rainbow tables.. John the Ripper w/ NTLM support.. l0phtcrack (any version) is fairly lame unless you're looking to grab some hashes off the wire. In that case, use Metasploit and its built in modules that do the same thing.
- junkalam, on 10/10/2007, -2/+8 wow digg is just amazing! I was in the middle of googling this topic when i decided to kill some time on digg. And there it is on the frontpage. Amazing stuff..
- HyperionZero, on 10/10/2007, -0/+6 Dugg for not using l33t sp34k
- r00t3d0ut, on 10/11/2007, -2/+8 ERD Commander works just as good if you don't mind resetting the password or the offline NT password & registry editor.
- patch6, on 10/10/2007, -1/+7 1337 D00D
80081355
- jgtg32a, on 10/10/2007, -0/+5 Yes it's better
step 1 download ISO
step 2 burn ISO
step 3 restart computer
step 4 wait about 3 min
Also in other news Disable LMhash
why because 2 8byte DES hashes are easier to crack than 1 MD5, but there are rainbow tables for NTLM hash so it just makes the attacker use larger rainbow tables.
http://support.microsoft.com/?kbid=299656
- micro506, on 10/10/2007, -0/+5 A common plan used for one-time access is for the attacker to make a copy of the SAM, then switch it out with their own custom file. Then, when done with the access, reverting to the old copy.
- kz26, on 10/10/2007, -0/+5 umm....Rainbowcrack, anyone?
- bluebearr, on 10/10/2007, -0/+5 Sorry, but your method doesn't work on XP. Or 2000. Or 2003.
- cwl157, on 10/10/2007, -0/+5 cause i haven't been around for years....
- inactive, on 10/10/2007, -1/+5 That doesn't help you in the slightest if you've obtained a remote SAM or pulled the hashes out of the running registry.. ERD is for people who forgot their password, not people who want to crack other peoples' passwords.
- vspazv, on 10/10/2007, -0/+4 SAMInside is faster and more stable. Another alternative is Cain and Abel.
- techiemike, on 10/10/2007, -0/+4 12345? That's the stupidest combination I've ever heard of in my life! That's the kinda thing an idiot would have on his luggage!
- jrbrewin, on 10/10/2007, -0/+4 which begs the question, why bother encrypting them?
- horizontaleight, on 10/10/2007, -0/+4 Oh ok. Around 1999-2000 my friend and I did this as a demonstration for my teacher and administrator with no malicious intent. We cracked 3116 accounts from our district by remotely dumping the hashes from one of the servers and printed out a portion of the list to show the teacher. Unfortunately, me showing them that registry access to the server being accessible was a problem was taken as me trying to "destroy" their network, and the superintendent was notified. They threatened to expel me for trying to help them.
- netkid91, on 10/10/2007, -1/+5 Norton sucks anyways
- Hemingrubbish, on 10/10/2007, -0/+4 rapidshare mirror:
http://rapidshare.com/files/44452648/lcp504en.rar
- MikeyMoose, on 01/30/2009, -0/+3 Hash "marks"? WTF - "#####"?
A hash - but not hash marks...
- horizontaleight, on 10/10/2007, -0/+3 Cherokee High School? 2000?
- Sunsetter, on 10/10/2007, -0/+3 Not true.
A program called AEFSDR will decrypt NTFS files.
Worked great when my box crashed and had to recover all of my encrypted files. Use a boot program like BartPE and you're good to go.
- Darth_tater, on 10/10/2007, -0/+3 download the rar w/o installer
unrar to folder
run exe
select something from the import menu.
- they, on 10/10/2007, -0/+2 Look at this: http://lasecwww.epfl.ch/~oechslin/projects/ophcrack/
I'll trade a password hash for a password. Go.
- Silthrim, on 10/10/2007, -0/+2 I just tested this program on my Windows Vista SAM file and worked in about 25 seconds. Time to change my password ;)
- Ellipsys, on 10/10/2007, -0/+2 Good advice. I picked up a great Rainbow list at Defcon two years ago. Has been invaluable for a few things.
- Knight4, on 10/10/2007, -0/+2 Wanna recover all your windows passwords? Get Cain (http://www.oxid.it/cain.html), works every time.
Here's the description: "Cain & Abel is a password recovery tool for Microsoft Operating Systems. It allows easy recovery of various kind of passwords by sniffing the network, cracking encrypted passwords using Dictionary, Brute-Force and Cryptanalysis attacks, recording VoIP conversations, decoding scrambled passwords, recovering wireless network keys, revealing password boxes, uncovering cached passwords and analyzing routing protocols. The program does not exploit any software vulnerabilities or bugs that could not be fixed with little effort. It covers some security aspects/weakness present in protocol's standards, authentication methods and caching mechanisms; its main purpose is the simplified recovery of passwords and credentials from various sources, however it also ships some "non standard" utilities for Microsoft Windows users."
PS: your antivirus should detect it as a virus, however this is not the case.
Quoting from the program's FAQ:
"Q: Is this program a virus ?
A: No, absolutely not ! The program does not infect files, it does not send your password over the Internet, it does not propagate itself and it does not contain spyware code. If you don't trust the me you can check it yourself using your preferred personal firewall software. As proof of contents, in every release of the program the executable and .DLL files are always signed by the author. You can find mao's PGP public-key here. "
- BostonMark, on 10/10/2007, -1/+3 If you can get on the Admin account (if you remember that password or if you don't have one set), you can use the net user command from the command line to change any other password on the system. Note: this is to change the password, but you will not figure out the old one.
http://www.allthingsmarked.com/2006/08/21/change-your-xp-password-via-the-command-line/
- BryanJK, on 10/10/2007, -0/+2 This usually happens if they mess up a comment / place it wrong
- Tephra, on 10/10/2007, -0/+2 shame it doesn't use multicore/cpu/threads...
- Darth_tater, on 10/10/2007, -0/+2 i believe that it to extract hashes from the local machine
- modpancake, on 10/10/2007, -0/+2 Lincoln Southwest High School.
http://en.wikipedia.org/wiki/Lincoln_Southwest_High_School
- abandonedhero, on 10/10/2007, -0/+2 Do you work for AT&T?
- SebHughes, on 10/10/2007, -0/+1 I quite like Cain & Abel. It's got quite a few tools, password cracking, ARP, wireless cracking etc. www.oxid.it/cain.html . With cain it will show you the password hashes so you can submit it to www.plaintext.info
- blizzok, on 10/10/2007, -0/+1 for me speed is paramount. grabbing passwords is the tough part, i can crack them later. i recommend a livecd with samdump and bkhive2, and usb thumb drive. w00t school admin.
- jrbrewin, on 10/10/2007, -0/+1 do these tools still fail to get round passphrases over 14 characters long?
- m0tbaillie, on 10/10/2007, -0/+1 *tinfoil hat*