A password is no longer enough.

Status
Not open for further replies.

Grutzvalt

Ever heard of Ophcrack? It'll crack alphanumeric Windows passwords from a live CD. I don't know how it all works, haven't had a reason to try it. It is for legal purposes only, for use on YOUR system. Any way around this? By the way, if you're stupid enough to try to break into someone else's system with the program, don't blame me when the FBI is at your doorstep. Just to let you know.

~Gwizzy~
 

Sawaa

I can do the same thing with a floppy disk or flash drive, and have been able to ever since NT4, truly. If you can touch the machine, you can own it. It's not even that you crack the password, you just over-write it, instantly.
 

Gingy

I have a friend that is awesome with computers, his brother uses alphanumeric passwords. So my friend hacked into his account and was caught by his bro. His bro broke 2 of my friend's ribs with a baseball bat. Ouch
 
Messages
1,421
Role
Diaper Lover, Babyfur, Carer, Other
Well currently I have the administrator password for EVERY system in my county (it was too darn easy).

Just wanted to add that random bit in there (I don't use the password, but I keep it just to know I have it, and I didn't hack or anything)
 

Jakethefox

I remembered some netuser command that reset passwords... I forgot how to do it though... if I remember it I might post it on here.... *ponders on how to do it* I think it's netuser *insertusernamehere* pass *then a pass or nothing here*
 

BluTack

L0phtCrack has a very big list of every password you can think of.
I.e.: Mike, MIKE, MiKe, mIkE, M1ke, m1ke, M1K3, m1k3, m1k3, etc. etc. From A to Z.
 

recovery

There are ways to stop your system from being under this type of attack.

Because with XP and 2000 it saves the passwords with LM hashes. Hashes are basically a code that cannot be worked backwards. I.e. work out the password from the hash. It's a one-way system. The problem with this is that even with the more secure NTLM hashes, it doesn't add a salt to slow down Rainbow Table attacks to the point it is not feasible to do.

All my passwords contain special characters and are at least 12 characters long. There is a tick box somewhere (I think in the policy editor, it may be present). By default Vista does not store the LM hash. So it will not work against Vista.

If you want some real fun. Use Metasploit + AutoPwn. Then you can gain access to unpatched remote machines.
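Added example, not part of the thread: a sketch of the missing-salt problem described in the post above, and of what a per-account salt with a slow KDF changes. SHA-256 stands in for the unsalted LM/NT hash, a plain lookup table stands in for a rainbow table, and the account names and passwords are constructed.

```python
import hashlib
import hmac
import os

# Constructed sample data: account names and passwords are made up.
ACCOUNTS = {"alice": "Summer2008", "bob": "Summer2008", "carol": "x7!Qp-long-unique"}
COMMON_PASSWORDS = ["password", "letmein", "Summer2008"]

def unsalted_hash(password):
    """Fast unsalted digest. SHA-256 is a stand-in for the LM/NT hash."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()

def salted_record(password, salt=None, iterations=100_000):
    """Per-account random salt plus a slow KDF (PBKDF2-HMAC-SHA256)."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return salt, iterations, digest

def verify(password, record):
    """Recompute with the stored salt and compare in constant time."""
    salt, iterations, digest = record
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return hmac.compare_digest(candidate, digest)

def exposed_by_precomputed_table(stored_hashes, table):
    """Accounts whose stored hash appears in a table computed once, in advance."""
    return sorted(user for user, h in stored_hashes.items() if h in table)

def audit():
    # Without a salt, one precomputed table is valid against every database.
    table = {unsalted_hash(p): p for p in COMMON_PASSWORDS}
    unsalted_db = {u: unsalted_hash(p) for u, p in ACCOUNTS.items()}
    salted_db = {u: salted_record(p) for u, p in ACCOUNTS.items()}
    salted_hex = {u: rec[2].hex() for u, rec in salted_db.items()}
    return {
        "unsalted_exposed": exposed_by_precomputed_table(unsalted_db, table),
        # Same password gives the same unsalted hash, so reuse is visible.
        "unsalted_duplicates": unsalted_db["alice"] == unsalted_db["bob"],
        "salted_exposed": exposed_by_precomputed_table(salted_hex, table),
        # Different salts give different records for the same password.
        "salted_duplicates": salted_db["alice"][2] == salted_db["bob"][2],
    }

if __name__ == "__main__":
    print(audit())
```

A salt only defeats precomputation; a weak password in a salted store can still be guessed directly, which is why the slow KDF and the password length both matter.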
 

Sawaa

ntpasswd doesn't have to brute force, it doesn't matter how many characters long or what characters are involved. It just accesses the sam file directory and over-writes. Brute-forcing is silly.
 

kevintje

Hiren's boot cd and Ultimate boot cd are ALWAYS with my laptop, when I've got to fix a comp. I use it for about everything...
 

recovery

ntpasswd doesn't have to brute force, it doesn't matter how many characters long or what characters are involved. It just accesses the sam file directory and over-writes. Brute-forcing is silly.

But it's not good when you try to get into your mate's PC or their encrypted files.
I am not too sure about the way Linux stores login info. But I guess they have ways round it.

But either way it's not really a stealthy way to go about it?
 
Messages
2,148
Role
Diaper Lover
I believe my Pirate thread would be more likely to promote legal activity Blake.
 

recovery

Won't this thread like promote any illegal actions?
There is a difference between talking about it and actually doing it. There is insufficient detail here for a newb to 'hack' computers. We've merely given them Google search keywords. No-one has spoon fed anyone here. (which I hate, and any other *security* network peeps).

As I said, the random tables is useful if you happen to accidentally come across your School's back-up files *wink* *wink* Then you find the real deal. Where you know it and they don't know about it.

However if your parent is willing enough (and has half the skills and does reset your password) then they will find your pr0n stash. Oh, and maybe ADISC.
 

DannyTheNinja

Hiren's boot cd and Ultimate boot cd are ALWAYS with my laptop, when I've got to fix a comp. I use it for about everything...
I'm going to feel sorry for you when you get your laptop stolen and your hard disk isn't encrypted. You might as well just not use a password if your laptop runs Windows and you keep Windows password-reset utility CDs in your bag.

--Danny :ninja:
 

Deltaomega

For WinXP it's surprisingly easy to get the file where the password is stored for login. Login passwords are HORRIBLY insecure, simple as that. I can fire up my PHLAK CD or any Linux CD for that matter, mount the NTFS volume and work my magic. There are multiple ways of doing it, my favorite being not actually changing the password but just cracking the file and finding the password so that I don't tip off the owner of the system. This would be especially useful if my parents all of a sudden decided to lock my computer down and give me limited access whilst denying me Administrator or root access.

And personally, this information isn't illegal in any sense. It's called Information Security and is in high demand, as long as it's not used for illegal purposes the information is totally legal as it's taught in college. For brute force attacks they are childish in some senses such as using a brute force over the internet on someone's website because the log file will be filled with attempts but when you want to try and crack something locally it can be useful if it's a small password. Because of the nature of brute force, the larger the password the longer it's going to take and after 4 characters it can take an insanely long time on a single machine. That's where a dictionary attack comes in, using words out of a dictionary to try and crack the password.

In the end a login password is not enough, it will not stop those that want to get in. To stop the livecd problem would require you to disable boot from CD, lock the BIOS with a password and then lock the computer case itself so someone cannot reset the CMOS. Couple this with hard drive encryption and you got a somewhat secure PC. The sky is the limit for information security and Linux is the best way to go as you can rebuild the distro with extra features for security if you have the ability.
 