Tuesday, June 29, 2010
Anu
Password cracking is the process of recovering passwords from data that has been stored in or transmitted by a computer system. A common approach is to repeatedly try guesses for the password. The purpose of password cracking might be to help a user recover a forgotten password (though installing an entirely new password is less of a security risk, but involves system administration privileges), to gain unauthorized access to a system, or as a preventive measure by system administrators to check for easily crackable passwords. On a file-by file basis, password cracking is utilized to gain access to digital evidence for which a judge has allowed access but the particular file's access is restricted.
The SAM file in Windows contains the usernames and hashed passwords. It’s located in the Windows\system32\config directory.
The file is locked when the operating system is running so a hacker can’t attempt to copy the file while the machine is booted to Windows.
One option for copying the SAM file is to boot to an alternate operating system such as DOS or Linux with a boot CD. Alternately, the file can be copied from the repair directory.
If a systems administrator uses the RDISK feature of Windows to back up the system, then a compressed copy of the SAM file called SAM._ is created in
C:\windows\repair
C:\windows\repair
To expand this file, use the following command at the command prompt:
C:\>expand sam._ sam
After the file is uncompressed, a dictionary, hybrid, or brute-force attack can be run against the SAM file using a tool like L0phtCrack.
Download L0pthCrack from HERE.
Posted in
0 comments:
Post a Comment