Post: #1[How To] Bypass Win7 Password, Lift Win SAM Hashes


Post by UltimatePeter on Thu Jun 13, 2013 9:10 am

Here, we will be bypassing the normal Windows 7 Password authentication and then extracting the SAM database password Hashes. We will also take a little scenic route and grab the saved passwords out of the Firefox browser.
Other awesome stuff: http://www.ultimatepeter.com

Here is my YouTube Vid on the whole tutorial:
http://www.youtube.com/watch?v=C9KkQYSSTE0

Here are the items we will use:

-USB Drive (small is okay)
This will be the attack vector

-Unetbootin
This will write the Floppy image of Kon-Boot to the USB Drive.
http://unetbootin.sourceforge.net

-Kon-Boot Commercial Edition v2.0
You can buy this... or find it somewhere?
(Not going to post illegal files here, but just think: "Pirates in a bay")

-fgdump (fizzgig dump)
This will extract the SAM Password Hashes for Windows Users and we can take them with us.
http://fgdump.com/fgdump/

-irongeek supplemental Kon-Boot files
We need these because of an issue v2.0 was having with booting on certain computers such as my own.
http://www.irongeek.com/downloads/ironge...files2.zip

-Pre-Calculated NTLM Hash Tables:
http://www.md5decrypter.co.uk
http://onlinehashcrack.com
http://crackstation.net

Note: You can use the free version of 2.0, but it will only work on the following:
Microsoft Windows XP Home Edition (Service Pack 2+) 32/64Bit
Microsoft Windows Vista Home Basic 32Bit
Microsoft Windows Vista Home Premium 32Bit
Microsoft Windows Vista Business 32Bit
Microsoft Windows Vista Enterprise 32Bit
Microsoft Windows Server 2003 Standard 32Bit
Microsoft Windows Server 2003 Datacenter 32Bit
Microsoft Windows Server 2003 Enterprise 32Bit
Microsoft Windows Server 2003 Web Edition 32Bit
Microsoft Windows Server 2008 Standard 32Bit
Microsoft Windows Server 2008 Datacenter 32Bit
Microsoft Windows Server 2008 Enterprise 32Bit


Steps:
-Put in your Thumb-Drive and format it to FAT.
-Disable your Anti-Virus.
-Start Unetbootin, make sure it is set on your USB Drive. Then choose the Kon-Boot Floppy disk image. Hit "OK".
-After unzipping, copy IronGeek files to USB and overwrite.
-Copy fgdump.exe to USB Drive.
-Boot victim PC with USB drive in.
-Go to BIOS settings and make sure it is set to boot from USB.
-Boot into Kon-Boot.
-Choose "1st Kon-Boot" (You may have to run this twice?)
-Then Choose "2nd Try boot from C: on HD1" (You may have to run "1st Kon-Boot" and then HD2, or HD3, etc if the first doesn't work)
-Get to Windows Login and you can put in any password, or leave it blank.
-When Windows is done loading, open your USB drive, right-click on fgdump.exe and "Run as Admin". This will dump the Hash file into a file called 127.0.0.1.
-Later on your own computer, you can open this with notepad and use the NTLM Hash Table Sites, or crunch your own Rainbow Tables.


Re: Post: #1[How To] Bypass Win7 Password, Lift Win SAM Hashes

Post by DrRoach on Thu Jun 13, 2013 2:09 pm

You haven't really told us how to do it, you've just told us how to run a program. Can you explain how the program actually works?