Tools of the trade for Hacking
Posted: September 14, 2007, 6:53 pm
I am in a network security class and our first real assignment is to hack into another student's work station hard drive.
The instructor took all our work station hard drives, relabeled them, and distributed them out to us. So we have physical access to the drives.
Now for the grading.
1: Top points for finding the Administrator password for the box.
2: Getting in and out again without changing the admin password.
3: Passing grade for just being able to get in.
4: Can't get in you get no points.
So the first thing I do is gather the tools. The software I pick up is:
Ophcrack
Slax
Bart PE
LC5
LCP
Cain & Abel
Offline NTPW
(disclaimer: I have no experience with any of this software nor the concepts behind them at this time)
So this morning I had some time before work and went to the lab to try and hack this thing. First thing I run is Ophcrack and that gives me the user names and surprisingly enough the Administrator password of 123456.
My first thought is that this has to be a bogus account so I proceeded then to use Bart PE so I can get to the Hash files. I find the Hash files no problem and copy them to my flash drive.
I figured I may as well try the admin login just to see. I fully expected it to be a disabled account. Upon boot up he had the generic Windows XP login screen with his name as the only user. I control-alt-delete twice and get the login prompt and put in the administrator and the password of 123456.
It worked. So I am in and I am thinking I'll just run my LC5 right on the machine instead of moving to a different one to crack the passwords. I load the program and it tells me that I need to have admin rights to run this program. I figured at this point I am kind of screwed if I want to run it on the drive itself but I figured I'd go to the user groups and see if I can't add a user for shits and giggles. I open up the administrators group and there it was, the Administrator account. I was kind of shocked. So I start the program and found that while his Administrator password was easy enough to get (top points btw) his user password was tougher. As in over 14 chars. So I tried to see if I could crack it in the time I had (about 30 minutes) knowing that wasn't likely but hey if I got lucky enough to get a sucker who didn't change his admin name or at least give it a decent password I may get lucky here.
Nope. So I took the hashes I collected (sam, security, system) and went to work. I have been running a hybrid attack using LCP (LC5 wouldn't load for some reason) against the nthash. It has been about 7 hours now and I am only 18% through all the combos. I am sensing that I will be running this all weekend. I really want to get this password so I can feel as if I accomplished something. My class is on Monday night.
So I come here now asking if there is a better tool out there that I can use to beat this password?