- 1685 diggs
- schestowitz, on 10/12/2007, -16/+9 I have just spotted another at:
http://digg.com/security/Hacking_a_Windows_XP_password_prompt_with_a_graphing_calculator
^^
Also submitted today, but I'd like someone to verify that it's real and is working. There are many other ways to crack Windows accounts, but these are new to me.
There are many holes in that O/S, but there are many hoaxes too.
- lordthor, on 10/12/2007, -33/+3 boot into safe mode, admin account will almost certainly have no password, go to control panel, user accounts, change the password for whatever account you like to whatever you like.
This is not that difficult.
- neonic, on 10/12/2007, -2/+5 Yes, this is real and works flawlessly. I have done it to several computers for people who forgot their passwords. It is so simple, as long as you can mount the HD, easy.
- LordofShadows, on 10/12/2007, -5/+2 I like elmer the narrator, if you allow someone to download your *password hashes* then what do you expect?
- glock22ownr, on 10/12/2007, -2/+9 Interesting.. but not too impressive. If you have physical access to the box, you pretty much own it... and how about making the password something like "m0Nk3y"...
- Mahstah, on 10/12/2007, -1/+10 You can change the root password on a Linux box just as easily using an install CD.
- ApeInago, on 10/12/2007, -2/+3 the calculator hack uses exploits in the windows "plug and play" hardware install model to extract the hash without having to boot using a cd..
a user has to be logged in for this to work, if only in the background.
lmhashes are easy to crack with john, this has been known for a while.
a well made algorithm on a calculator could crack the lmhash very quick.
- davidod87, on 10/12/2007, -6/+6 For those of you pissed off by the Dreamhost advert, direct link:
http://www.irongeek.com/videos/samdump2auditor.swf
- n3xg3n, on 10/12/2007, -7/+2 davidod87: Not cool, I sort of know IronGeek, and really it is not cool to direct link to bypass the ads that help pay for the site that has his FREE tutorials to HELP people >.>
- chris9902, on 10/12/2007, -5/+16 not much of a test setting the password to "monkey"
- dbr_onix, on 10/12/2007, -1/+16 A video of a 2 week brute-force crack isn't particularly interesting..
- Ben
- Elias1, on 10/12/2007, -8/+2 I.W.H.L.B.S.S.S.A.H.V. ?
I Wonder How Long...........?
- elitexero, on 10/12/2007, -2/+29 Set the password to "*cr4ckth!s***B!tch3z!**@()#" .. now try.
- billlyboobs34, on 10/12/2007, -2/+15 Don't forget to disable LM hash
- ApeInago, on 10/12/2007, -0/+3 @billyboob
"rainbo tables" ;)
- arkmtech, on 10/12/2007, -3/+23 Appears to be a decent walk-through of cracking an XP account... but man, I wish he could pronounce his R's.
- oriondr, on 10/12/2007, -5/+17 Poor guy can bawely talk.
- neonic, on 10/12/2007, -8/+7 Sounds like he's from Ohio...
- n3xg3n, on 10/12/2007, -11/+1 @oriondr : and you can "bawely" spell
- whozyodaddy, on 10/12/2007, -1/+3 No, sounds like he is deaf.
- aekdbbop, on 10/12/2007, -7/+21 Dude needs to blow his nose...
- WackyT, on 10/12/2007, -3/+17 So, it's just a dictionary attack. Throw a couple of numbers and special characters in your password.
Lame.
- kaelyiesta, on 10/12/2007, -6/+1 Agreed. Dictionary attacks on hashes are not impressive.
Still, the clip was worth watching. His engrish is rearry impressive.
- Irco, on 10/12/2007, -4/+16 I'll believe a monkey is the admin
- neoknight, on 10/12/2007, -0/+7 a monkey's uncle...
- hady1364, on 10/12/2007, -0/+0 I agree :-)
- hackerthirteen, on 10/12/2007, -6/+4 This is pretty lame. There are so many different ways to do this it's not even funny. Though, my favorite is to fire up ERD Commander 2005 (cracked version) and then just create a new account. No traces after you delete the profile and the original password is still in place. :)
- Nougat, on 10/12/2007, -5/+39 Why bother cracking the password if you have physical access to the machine? Just reset the local admin password.
http://home.eunet.no/pnordahl/ntpasswd/
I have been doing this for years.
- icecubed, on 10/12/2007, -10/+4 ah ... I have been doing that for years too... + DIGG :]
- hackerthirteen, on 10/12/2007, -2/+5 Um...so you don't leave any traces. Finesse is required over brute force sometimes.
- TheBigGuycouk, on 10/12/2007, -0/+10 If they are using NTFS encryption you need their password to access the files
- PowerCow, on 10/12/2007, -0/+8 more important
encrypted files don't survive password reset
you need to actually hack the password if you want to view any encrypted files. And why so many people don't encrypt is beyond me.
- lowbot, on 10/12/2007, -1/+1 Have you ever had that method corrupt the disk or the registry? It's worked for me but I'd like to know its fail rate.
- jakobrowning, on 10/12/2007, -0/+1 Ah you beat me to it. I too have been using this tool for a while now. I just gave a copy to my boss, I guess he was impressed when he saw me use it the first time.
- Nougat, on 10/12/2007, -0/+1 @lowbot
There was one time that I used Nordahl's reset floppy where the machine was pooched afterwards - but the machine was pooched in the first place, which is why I had to try that method. I was able to reset passwords for other user accounts on the system (the SupportXXXXX account in particular), but not the local administrator account.
- Nougat, on 10/12/2007, -1/+1 @Everyone talking about encrypted files
Okay, fair enough. If you're using NTFS encryption, you need the user password in question. But doesn't the local administrator account act as a master key for NTFS encryption anyway? So you'd change the local administrator account password and decrypt with that.
Also, that only applies to NTFS encryption, not to other forms of file encryption (PGP, for example).
- PowerCow, on 10/12/2007, -1/+2 @Nougat:
True.. it won't get my truecrypt files, etc unless i use similar passes for everything.
The point is a bunch of ignorant people in the comments saying
"OMG that is so lame, i could do it easier by just resetting the pass" etc
and the point is, the people who made this video understand that as well but there are damn good reasons for not wanting to reset the pass.
The top two being encrypted files and not wanting to leave a trace
and just pointing out to the "OMG'rs" that they aren't as smart as they think they are
- lowbot, on 10/12/2007, -0/+2
> But doesn't the local administrator account act as a master key for NTFS encryption anyway?
Nope. The password, on a user basis, acts as a salt for the encryption (NTFS only).
- hady1364, on 10/12/2007, -0/+0 this is the easiest and best :-)
- icecubed, on 10/12/2007, -4/+8 http://home.eunet.no/~pnordahl/ntpasswd/
boot cd, reset the password (or change it), boot windows, press CTRL-ALT-DEL 2 times
enter Administrator enter the new password.
DESTROY
- Philluminati, on 11/06/2007, -9/+17
You crack a Windows computer by doing this:
Put the windows CD into the disk drive.
Go to the recovery console
type "net user admin hello"
then the admin password is hello.
then you just log in.
If you want to stay anonymous tho, you just poke around the drives using cd and dir at that command line.
Why go to so much effort? You've tried so hard for something so simple. Wow, I guess you're a real cool hacker. You got hacker tools and everything, lol!
- Zhay, on 11/06/2007, -20/+4 No, you crack a Windows computer by taking a hammer to the case!
- humancompiler, on 10/12/2007, -2/+6 But you have to have the Windows install's admin password to log in using the recovery console in the first place. Not so easy.
- PowerCow, on 10/12/2007, -2/+5 because i want his encrypted files
that is why I am a cool hacker with my hacker tools and everything.. LOL
I actually feel much much much safer reading all the comments here. I hope if anyone ever breaks into my house and steals my box it is one of you.
- lowbot, on 11/06/2007, -0/+6 To do that you need the admin's password to get into the recovery console. Or weren't you paying attention to that when you were 'cracking boxes?' Essentially you are logging in as admin using RC and then changing your password. That is no different than logging onto a windows session control-alt-delete and selecting a new password.
The other methods do not need the admin's password.
- klawz, on 10/12/2007, -0/+2 If you use a windows 2000 boot disc, you won't need the password for the recovery console.
- officechris, on 11/06/2007, -1/+18 This is a stupid digg, there's automated linux XP Crack CDs that will boot, and automatically start password crack and within 5 minutes will show you ALL of the local user accounts on the machine, no work involved.
http://ophcrack.sourceforge.net/
- PowerCow, on 10/12/2007, -0/+3 show you all.. crappy passwords
better passwords take a bit longer.
- GeoNine, on 10/12/2007, -0/+1 It's not always about the easiest way to point and click and get something done.
- lowbot, on 10/12/2007, -0/+1 Tried it. It got one password from an account with a very weak password. It couldn't get any of the "hard" passwords, that is passwords like this : 666h3llo! It gave a false positive for one password also.
works for very weak ones. Everything else will require a real rainbow table setup. Or an offline editor.
- foreplay, on 10/12/2007, -0/+1 lophtcrack (which i assume where this project got its name from) made it very easy to bruteforce all the passwords for any account. it's just a shame symantec bought it and discontinued it.
either way just dump your hashes to a txt file and use http://gdataonline.com/seekhash.php or if it's not there try a bruteforce method.
- Clp727, on 11/06/2007, -11/+3 Irongeek is a very knowledgeable security expert. He has many tutorials available on his website and has shared his knowledge with members at several security forums. The guy knows his stuff!
- petroK, on 10/12/2007, -2/+6 hi Irongeek. how are you doing these days?
- ISVDamocles, on 10/12/2007, -3/+2 Here's the real way to crack Windows boxes -- John the Ripper: http://www.openwall.com/john/
Originally designed to attack Unix passwords, now supports Windows NT passwords. Knoppix comes with John the Ripper so all you need to get anyone's windows password, no matter how well you follow the rules on good password choosing (which I still recommend you do), once someone who knows what they're doing can put Knoppix on your computer (or is in a limited account and can access the internet/usb drive/cd drive) can own your system.
- josmtx, on 10/12/2007, -1/+1 RTFA
- ApeInago, on 10/12/2007, -2/+1 my computer has a bios level password... you'd need to open the case up.. which is locked.
good luck.
- infinite411, on 10/12/2007, -3/+1 ApeInago by ApeInago 42 minutes ago
"my computer has a bios level password... you'd need to open the case up.. which is locked."
I'll jack your box, take a piss and a ***** in it then send you the pics. Besides who would want to see what you have stored in it?
good luck
- K4P741NxKRUNCH, on 10/12/2007, -2/+4 WTF is his problem?
If you have to excrete, then I suggest an area that is a bit more appropriate and a lot more white. It's called a mac.
- kingace, on 10/12/2007, -0/+2 Apelnago:
Way to go, now nobody will ever be able to read your diary.
- uWergo, on 10/12/2007, -1/+4 i stopped watching when it said "..set the bios to.." didn't say anything about what if you're locked out of the bios =(
- RedKrieg, on 10/12/2007, -0/+4 uWergo, If you're locked out of the BIOS, move the password reset jumper or cmos clear jumper. If it's a dell laptop, call dell and tell them you're a field tech working on the machine and need the bios password. they'll ask you for the service tag and a code (which is the service tag followed by 4 hex characters). They will then tell you the override password.
- RichesToRags, on 10/12/2007, -1/+0 ^ I believe what uWergo was pointing out is that this type of hack is only useful for personal password recovery rather than exploiting Windows security.
If you need to pop open a PC case, flash its bios to reset the bios password, then this is not at all practical to a would be thief looking to gain access to a Windows machine.
I could simply lock my PC's chassis and turn on its BIOS password to thwart this type of hack.
- eclecticsound, on 10/12/2007, -2/+1 Wait....didn't the broken teach us this a long time ago?
- Azur2, on 10/12/2007, -1/+3 Jeez, this is waaaay overkill for an XP machine you've got unlimited physical access to.
I had to "crack" an old XP machine of mine a couple of weeks ago (it's an old machine and I'd forgot what password I used) and I simply put loginrecovery on an autobooting CD, and it served up the admin username and password. I used a CD, but any autobooting device will work.
You can buy the service from http://www.loginrecovery.com (I'm not affiliated with them in any way) or try it out for free.
- kd1s, on 10/12/2007, -1/+2 There are so many ways to just use native windows command box to take control, why would you need this?
Secondly, ophcrack has managed to conquer EVERY password I've come up with, even leetized phrases, etc. All you do is boot the cd and wait. In about ten minutes you'll have the admin password for the machine.
- PowerCow, on 10/12/2007, -0/+3 most of the so called cmd prompt escalations are fake.
plus you'd have to have an account open on the machine already,
If ophcrack is getting all your passes you must either not be very leeet, creative or have one hell of a rainbow table. Ain't no way just a cd.. maybe a dvd.
I use ophcrack all the time and it can't get any of my passwords.. even with a 2 gig rainbow table.
and while they are complex i wouldn't call them that leet.
- jzulli, on 10/12/2007, -3/+1 hahah, "cwacking syskey..."
- GeoNine, on 10/12/2007, -0/+2 I am surprised at the ignorance of a good deal of these comments. This is just a tutorial, it doesn't claim to be the "only" way or the "best" or anything really other than one way to crack XP passwords. Resetting the password and cracking it are two different things, although in SOME cases they can be used interchangeably. Hmmm.....
- unrealmp3, on 10/12/2007, -0/+1 Usage of Rainbow Tables might have a better chance of success, if you have the time to build these :)
- DigitalDud, on 10/12/2007, -0/+1 Apparently on Macs the install disc includes a utility for "cracking" your password.
- HaloprO, on 10/12/2007, -1/+2 I like it, but www.thebroken.org does this in ep2 if I'm not mistaken.
- surgen, on 10/12/2007, -2/+1 Someone posted a link to irongeek's website on digg? That's not allowed, this place is for Kevin Rose fanboys ONLY. I mean, come on, why would the same information have to be in TWO places. In fact everything at http://irongeek.com/i.php?page=security/hackingillustrated is a rip off of the awesome rev3 shows.
- adstretch, on 10/12/2007, -0/+4 Everyone can list their favorite way to get in when they have physical access. I see at least 7 different techniques mentioned in this set of comments alone. The hard part is doing it when you can't touch the machine. You can always boot from cds, usb flash, (maybe the graphing calculator if that's not bogus), but get in from two states away and I'll give more "props".
- sharjeelsayed, on 10/12/2007, -0/+2 More such videos can be found here
http://137.132.19.24/security_course/vid_tutorials/
- Addp009, on 10/12/2007, -0/+2 If you have physical access, then there are many ways to "crack" a password. The challenge is to crack windows passwords remotely.
You guys need to get over this type of non-news news. It's been known that you can do a million things to crack a password with physical access. Now show me a story that describes cracking a system without physical access. Only then will I be impressed.
- cromus, on 10/12/2007, -2/+3 hers how u realy crak a passwrd in windows u clik on password hint & they give u a hint on wut there passwd is & u can gess it pretty ez usualy
works 4 me i gess
- Kizzle, on 10/12/2007, -0/+2 Huh?
- cwiz7, on 10/12/2007, -0/+1 wow you're a rocket scientist.
- cromus, on 10/12/2007, -0/+2 no ur a roket sientist
- glasmodiar, on 10/12/2007, -0/+1 loginrecovery.com - They'll give you the login names & passwords for free in 48 hrs.
- infinite411, on 10/12/2007, -0/+0 this is so retarded. That's why you shouldn't ever, ever, use a simple word for your password. It would be better off if you used a phrase from your favorite movie, IE. "Illneverletgojack85009" and your zip code area code etc. it's easy to remember and won't be easily cracked by running dictionary attacks.
- bton, on 10/12/2007, -0/+0 The narrator can also be heard at...
http://www.homestarrunner.com/
- ianmurrays, on 10/12/2007, -1/+1 this is soooooooooooooooooooooooooooooooooo old
- casemac, on 10/12/2007, -0/+0 After watching the movie and reading these comments is there anyway you can keep people out of your acct. if they have physical access to your comp?
- C0D3R, on 10/12/2007, -0/+1 No casemac, see
http://www.microsoft.com/technet/archive/community/columns/security/essays/10imlaws.mspx