Tuesday, 8 September 2009

Experiment 2 on Cracking Windows User Account Password

This is my second experiment on Ubuntu. It was performed while I was still studying for the MSc in Forensic Informatics at the University of Strathclyde. Below are the experiment results, which I sent to my colleagues by email on 17 December 2008.
Again, I just wanna share my experiment on using Ophcrack for cracking the password of Windows XP. I carried out the experiment with the Ophcrack application on my Ubuntu 8.10 machine. There are 2 types of Ophcrack: the first one runs in a GUI and the second one in the command console. For my experiment, I selected the first one because it is much easier to use.

Firstly, click Load and select 'From encrypted SAM', then choose the directory containing the encrypted SAM and the SYSTEM file. For this purpose, I used the registry files from the lab session of CS 936 containing SAM, SYSTEM, SOFTWARE, SECURITY and NTUSER.DAT.

After that we will have a list of the users, namely Administrator, Guest, HelpAssistant, SUPPORT_388945a0, johndoe, jane and bob.

Because Ophcrack is based on rainbow tables, we have to download the tables from http://ophcrack.sourceforge.net/tables.php. On this website, there are various types of rainbow tables, either free or commercial. For this experiment, I just downloaded the XP free small table, which is 380 MBytes, then I extracted it after the download finished successfully.

Click Tables, then select the directory where the table set above is stored; after that, click Launch. The password-cracking process then starts. On my machine, it took about 7 minutes to crack the passwords of the Windows XP users. The passwords are:

Users          LMpasswd  NTpasswd
Administrator  DOE       doe
Guest          /EMPTY/   /EMPTY/
johndoe        DOE       doe
jane           JANE      jane
bob            BOB       bob

Besides Windows XP passwords (LM hashes), Ophcrack can also be used to crack Windows Vista passwords (NT hashes).
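
An added example, not part of the original post: a check a defender can run over a hash export to see which accounts still carry an LM hash, the kind the XP tables in this experiment target. The pwdump-style line layout (`user:rid:lm:nt:::`) is an assumption about the export format, and the sample lines and hash values are constructed; only the two empty-password constants are real.

```python
"""Flag accounts in a pwdump-format export that still store an LM hash."""

# Well-known hashes of the empty password (LM and NT).
EMPTY_LM = "aad3b435b51404eeaad3b435b51404ee"
EMPTY_NT = "31d6cfe0d16ae931b73c59d7e0c089c0"
# LM hashes two 7-character halves separately; this is the empty half.
EMPTY_LM_HALF = "aad3b435b51404ee"

# Constructed sample export: names and hash values are made up.
SAMPLE = """\
alice:1003:0123456789abcdefaad3b435b51404ee:00112233445566778899aabbccddeeff:::
carol:1004:0123456789abcdeffedcba9876543210:ffeeddccbbaa99887766554433221100:::
dave:1005:aad3b435b51404eeaad3b435b51404ee:00112233445566778899aabbccddeeff:::
Guest:501:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
"""


def classify(line):
    """Return (user, status) for one 'user:rid:lm:nt:::' line, or None."""
    parts = line.strip().split(":")
    if len(parts) < 4 or not parts[0]:
        return None
    user, lm, nt = parts[0], parts[2].lower(), parts[3].lower()
    # Empty field, empty-password constant or all zeros: no LM hash stored.
    if lm in ("", EMPTY_LM) or set(lm) == {"0"}:
        if nt in ("", EMPTY_NT):
            return user, "empty password"
        return user, "NT hash only"
    if len(lm) != 32 or any(c not in "0123456789abcdef" for c in lm):
        return user, "unparseable LM field"
    if lm[16:] == EMPTY_LM_HALF:
        return user, "LM hash stored, password is 7 characters or fewer"
    return user, "LM hash stored"


def audit(text):
    """Map each account in the export to its status, skipping bad lines."""
    results = {}
    for line in text.splitlines():
        item = classify(line)
        if item:
            results[item[0]] = item[1]
    return results


if __name__ == "__main__":
    for user, status in audit(SAMPLE).items():
        print(f"{user:10} {status}")
```

Accounts reported as "NT hash only" are the state to aim for; any "LM hash stored" result means the account's password was set while LM hash storage was still enabled.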

I also cracked the password of my own Windows XP machine using Ophcrack with the XP free small rainbow table. The result was amazing: it only took about 15 seconds to crack and obtain my password.

I hope this experiment can be useful in a positive way.
From the description above, it can be concluded that Ophcrack can be used in two different ways. The first one is by using registry files comprising the encrypted SAM and SYSTEM, and the second one is by using the live CD. This makes it more flexible for users; which one to use depends on the situation.

