Tuesday 24 November 2020

Using samdump2 and John the Ripper to retrieve passwords

Using Samdump2 and John The Ripper

Both can be built from source (easier than you think with sbopkg on Slackware).

1) To crack Linux user passwords

Copy /etc/passwd and /etc/shadow into two files called passwd.txt and shadow.txt respectively.

Use unshadow as follows:

unshadow passwd.txt shadow.txt > passwords.txt

Use John The Ripper to crack the passwords, as below:

john --wordlist:/usr/share/wordlists/sqlmap.txt passwords.txt

To view the cracked passwords, use: john --show passwords.txt

2) To crack Windows XP/7 passwords

Firstly, we need to boot with a Live distribution or otherwise mount the drive containing the SAM file.

2a) Get the SAM file from C:/Windows/System32/config/SAM

2b) Get the system file from C:/Windows/System32/config/system

2c) Use samdump2 to extract hashes from the SAM file as below:

samdump2 system SAM

This will show you a combination of users and hashed passwords. We want to output this to a file, for example:

samdump2 system SAM > hash.txt

2d) Use John The Ripper to crack the passwords, as below:

john -format=LM hash.txt

or to use a specific wordlist, do:

john -format=LM -wordlist=/path/to/wordlist hash.txt

To view the cracked passwords, use: john --show hash.txt
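
An added example, not part of the original post: a defensive review of the hash.txt file from step 2c that reports which accounts still have an LM hash stored and which have an empty password. The user:rid:LM:NT::: field layout, the handling of "NO PASSWORD" placeholders and the sample lines are assumptions made for this example.

```python
# Added example: audit samdump2 (pwdump-style) output for weak hash storage.
# Line format assumed: user:rid:lm_hash:nt_hash:::
EMPTY_LM = "aad3b435b51404eeaad3b435b51404ee"  # LM hash of an empty password
EMPTY_NT = "31d6cfe0d16ae931b73c59d7e0c089c0"  # NT hash of an empty password


def _is_blank(field, empty_hash):
    """True when the field holds no real hash (empty-password value or placeholder)."""
    f = field.strip().lower()
    return f in ("", empty_hash) or f.startswith("no password") or set(f) == {"0"}


def audit_pwdump(text):
    """Return one finding dict per account line; malformed lines are skipped."""
    findings = []
    for line in text.splitlines():
        parts = line.strip().split(":")
        if len(parts) < 4 or not parts[1].isdigit():
            continue  # not a user:rid:lm:nt record
        user, rid, lm, nt = parts[0], int(parts[1]), parts[2], parts[3]
        findings.append({
            "user": user,
            "rid": rid,
            "lm_stored": not _is_blank(lm, EMPTY_LM),
            "empty_password": _is_blank(nt, EMPTY_NT),
        })
    return findings


def summarize(findings):
    """Accounts to fix: those with an LM hash stored, or no password at all."""
    return {
        "lm_stored": [f["user"] for f in findings if f["lm_stored"]],
        "empty_password": [f["user"] for f in findings if f["empty_password"]],
    }


# Constructed sample input (hash values are made-up hex, not real dumps).
SAMPLE = """\
Administrator:500:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
Guest:501:NO PASSWORD*********************:NO PASSWORD*********************:::
alice:1001:0123456789abcdef0123456789abcdef:fedcba9876543210fedcba9876543210:::
bob:1002:aad3b435b51404eeaad3b435b51404ee:00112233445566778899aabbccddeeff:::
not a hash line
"""

if __name__ == "__main__":
    print(summarize(audit_pwdump(SAMPLE)))
```

Accounts with a blank LM field give the LM format nothing to load; Windows Vista and later do not store LM hashes by default.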
