Sunday, June 22, 2014
Cracking Windows 7 System Passwords via NTLM Hash with Cain & Abel
*Please note: This article is for educational purposes only and I will not be held responsible for any misuse of information. The goal of this article is to expose just how easily passwords can be cracked and to educate on better password making for accounts.
Cracking system passwords in Windows 7 via Cain & Abel is super easy if you have access to the system. You can also use this and other programs on another computer if you have access to the NTLM hash file by grabbing it off a system first. There are programs that can do this easily enough, but they are out of the scope of this article.
This example will assume you are trying to crack the password of an account on a computer that you are sitting at and have 5-10 minutes to carry out the example. I'm using a Windows 7 PC for this example.
The first thing to do is grab a copy of Cain & Abel for the system at: http://www.oxid.it/cain
When you first open Cain, you may get a warning about Windows Firewall being on and then the program will eventually open. You won't need to change any firewall settings for this example to work though.
When the program opens you will want to navigate to the cracker tab:
Once you are in the cracker tab, click the blue + sign at the top and choose "import from local machine".
It will look like this:
This will show you the hashes for passwords on the system you're on. In this case, I previously made a user named Bob and gave him a password when I created his account. Here you can see the info for Bob showing up in Cain along with the hash that will be used.
To be able to crack the password we need to make a wordlist for Cain. You can find many good wordlists online. I chose to make my own for this example because 1. I already knew Bob's password and 2. It shows you how to make your own wordlist file for this program and others of this type.
Open up Notepad, and type in the following words with each word being on its own line:
Save this file as wordlist.txt
Now, in the Bob entry in the Cain program, right click on Bob's name and choose Dictionary Attack and then choose NTLM hashes.
You will see a new window pop up and you must tell Cain about the wordlist.txt that we created. To do that, right click in the top white portion and choose add file. Navigate to where you saved your copy of wordlist.txt and add it in. It will then look like this:
None of the other settings need to be changed once the list is added. Click start to start the password cracking. Within seconds the program should finish and show that the password was cracked! Bob's password has been found out:
We can now log into Bob's account on that system using his password of abc123. We have successfully cracked this password.
This was just a small example of gaining access to a system via simple password cracking. There are many more programs that will accomplish this task and many wordlist files to use with them.
When making passwords, it is necessary to think of these attacks to better protect yourself. Many programs will automatically add capitals and letters to the beginning and end of words in a list they are testing as well. So doing things like adding 123 at the end of a word in your password will not protect you enough. You can make many rules so that you can be sure you are testing all combinations of letters and numbers when using these programs. That's why a good mix of upper and lowercase letters + symbols + overall password length must be considered when trying to make good passwords.
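The check below is an added example, not part of the original article: it screens a proposed password the way the paragraph above suggests, by undoing the usual edits (case changes, digits or symbols tacked on the ends, character substitutions) and seeing whether what remains is a wordlist entry. The sample wordlist is constructed, and the 12-character minimum and three-class threshold are assumptions of this example.

```python
import re

# Constructed sample entries; a real check would load a large wordlist file.
WORDLIST = {"abc", "password", "letmein", "dragon", "bob"}

# Reverse of character substitutions that mangling rules commonly apply.
UNLEET = str.maketrans("013457@$", "oleastas")
EDGES = re.compile(r"^[^a-z]+|[^a-z]+$")  # digits/symbols added at either end


def base_forms(password):
    """Return the simpler strings this password could have been built from."""
    lowered = password.lower()
    stripped = EDGES.sub("", lowered)
    unleet = lowered.translate(UNLEET)
    return {lowered, stripped, unleet, stripped.translate(UNLEET),
            EDGES.sub("", unleet)}


def audit(password, wordlist=WORDLIST, min_length=12):
    """Return a list of weaknesses; an empty list means none were found.

    min_length=12 and the three-class threshold are assumptions of this
    example, not values from the article.
    """
    findings = []
    if len(password) < min_length:
        findings.append("too short")
    classes = sum(bool(re.search(p, password))
                  for p in (r"[a-z]", r"[A-Z]", r"\d", r"[^A-Za-z\d]"))
    if classes < 3:
        findings.append("few character classes")
    if base_forms(password) & set(wordlist):
        findings.append("derived from wordlist entry")
    return findings


if __name__ == "__main__":
    for candidate in ("abc123", "P@ssw0rd1234", "vT9#qLm2&xRw8Kp"):
        print(candidate, "->", audit(candidate) or "no findings")
```

The second sample passes the length and character-mix checks yet is still flagged, which is why a screen like this looks at the underlying word and not only at the mix of characters.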