Computer Security Student

Uploaded by

cyberwarior1978
ComputerSecurityStudent

(Password Cracking: Lesson 2)


{ Using Kali, bkhive, samdump2, and John to crack the SAM Database }

Section 0. Background Information

1. What is the SAM Database?
   o The SAM database is the Security Accounts Manager database, which Windows uses to manage user accounts and other things. It is implemented as a registry file that is locked for exclusive use while the OS is running.

2. What is Kali?
   o Kali Linux is an advanced Penetration Testing and Security Auditing Linux distribution.
   o Kali is a complete re-build of BackTrack Linux, adhering completely to Debian development standards, which contains the following features:
       More than 300 penetration testing tools
       Vast wireless device support
       Custom kernel patched for injection
       Secure development environment

3. What is bkhive?
   o bkhive dumps the syskey bootkey from Windows NT/2K/XP/Vista system hive.

4. What is samdump2?
   o samdump2 dumps the Windows NT/2K/XP/Vista password hashes.

5. What is John the Ripper?
   o John the Ripper is a free password cracking software tool. Initially developed for the Unix operating system, it now runs on fifteen different platforms (eleven of which are architecture-specific versions of Unix, DOS, Win32, BeOS, and OpenVMS). It is one of the most popular password testing and breaking programs as it combines a number of password crackers into one package, autodetects password hash types, and includes a customizable cracker. It can be run against various encrypted password formats including several crypt password hash types most commonly found on various Unix versions (based on DES, MD5, or Blowfish), Kerberos AFS, and Windows NT/2000/XP/2003 LM hash. Additional modules have extended its ability to include MD4-based password hashes and passwords stored in LDAP, MySQL, and others.

6. Lab Notes
   o In this lab we will do the following:
      1. We will boot the Windows virtual machine into Kali.
      2. We will use Kali to mount the Windows Disk Partition that contains the SAM Database.
      3. We will use bkhive and samdump2 to extract password hashes for each user.
      4. We will use John the Ripper to crack the administrator password.

7. Legal Disclaimer
   o As a condition of your use of this Web site, you warrant to computersecuritystudent.com that you will not use this Web site for any purpose that is unlawful or that is prohibited by these terms, conditions, and notices.
   o In accordance with UCC § 2-316, this product is provided with "no warranties, either express or implied." The information contained is provided "as-is", with "no guarantee of merchantability."
   o In addition, this is a teaching website that does not condone malicious behavior of any kind.
   o You are on notice, that continuing and/or using this lab outside your "own" test environment is considered malicious and is against the law.
   o © 2013 No content replication of any kind is allowed without express written permission.

Section 1. Log into Damn Vulnerable WXP-SP2


1. Start Up Damn Vulnerable WXP-SP2.
   o Instructions:
      1. Click on Damn Vulnerable WXP-SP2
      2. Click on Edit virtual machine Settings
   o Note(FYI):
       For those of you not part of my class, this is a Windows XP machine running SP2.

2. Edit Virtual Machine Settings
   o Instructions:
      1. Click on Network Adapter
      2. Click on the Bridged Radio button
      3. Click on the OK Button

3. Play Virtual Machine
   o Instructions:
      1. Click on Damn Vulnerable WXP-SP2
      2. Click on Play virtual machine

4. Logging into Damn Vulnerable WXP-SP2.
   o Instructions:
      1. Username: administrator
      2. Password: Use the Class Password or whatever you set it to.
      3. Click the OK Button

Section 2. Change Administrator Password


1. Open a Command Prompt
   o Instructions:
      1. Start --> All Programs --> Accessories --> Command Prompt

2. Change the Administrator Password
   o Instructions:
      1. net user administrator football
   o Note(FYI):
      1. We are changing the password to something that is in the dictionary to show you how easily it can be cracked.

3. Shutdown Windows Machine
   o Instructions:
      1. shutdown -s -t 0
   o Note(FYI):
      1. shutdown -s, shut down the machine.
      2. -t 0, give the user a grace period of 0 seconds. The default is 30 seconds.

Section 3. Configure Windows to boot from Kali

1. Start Up Damn Vulnerable WXP-SP2.
   o Instructions:
      1. Click on Damn Vulnerable WXP-SP2
      2. Click on Edit virtual machine Settings
   o Note(FYI):
       For those of you not part of my class, this is a Windows XP machine running SP2.

2. Edit Virtual Machine Settings
   o Instructions:
      1. Click on CD/DVD(IDE)
      2. Check the Connect at power on checkbox
      3. Click on the Use ISO Image File: radio button
      4. Click the Browse Button and Navigate to Kali.iso location
      5. Select the Kali.iso
      6. Click on the OK Button

Section 4. Power on Virtual Machine and Obtain Boot Menu


1. Play Virtual Machine
   o Instructions:
      1. Click on Damn Vulnerable WXP-SP2
      2. Click on Play virtual machine

2. Obtain Boot Menu
   o Instructions:
      1. Once you see the below vmware screen, (1) Left Click in the screen and (2) press the "<Esc>" key
   o Note(FYI):
      1. This might take you a few times so be patient!!!

3. Boot Menu Options
   o Instructions:
      1. Arrow Down to CD-ROM Drive
      2. Press <Enter>

Section 5. Mount Windows Disk Partition with Kali


1. Kali Linux Boot Menu
   o Instructions:
      1. Arrow Down to Live (686-pae)
      2. Press <Enter>
   o Note(FYI):
      1. Note this will usually be the first selection.

2. Open a Terminal Window
   o Instructions:
      1. Click on the Terminal Window Icon

3. View and Mount Windows Disk
   o Instructions:
      1. fdisk -l
          Where "-l" is the lower case letter L.
      2. mount -t ntfs /dev/sda1 /mnt
   o Note(FYI):
      1. The fdisk command will allow you to see the partition table for one or many disk(s).
      2. The mount command will mount a file system. Since this is a Windows file system, I am specifying the "-t ntfs" option.

4. View Mount Point
   o Instructions:
      1. df -k
   o Note(FYI):
      1. The df command reports on file system disk space usage.
      2. Arrow #1 points to the Windows Disk.
      3. Arrow #2 is the /mnt point that the Windows Disk is now mounted on.

5. View Windows Disk Contents
   o Instructions:
      1. cd /mnt
      2. ls
      3. cd WINDOWS/system32/config
   o Note(FYI):
      1. Since we mounted the Windows disk boot partition (/dev/sda1) on top of the /mnt directory, we have to cd into it to see its contents.
      2. The ls command will list the directory's contents.
      3. This is where the SAM database lives. The SAM database is where all the Windows passwords live.

Section 6. Using bkhive and samdump2


1. Using bkhive and samdump2
   o Instructions:
      1. ls
      2. bkhive system /root/hive.txt
      3. samdump2 SAM /root/hive.txt > /root/hash.txt
   o Note(FYI):
      1. List the contents of the /WINDOWS/system32/config directory.
      2. bkhive dumps the syskey bootkey from Windows NT/2k/XP/Vista system hive.
      3. samdump2 dumps the Windows NT/2k/XP/Vista password hashes.

2. View Hash Contents
   o Instructions:
      1. cd /root
      2. ls -l *.txt
      3. file *.txt
      4. cat hash.txt
   o Note(FYI):
      1. Change directory into /root, because that is where we put our hive and hash files.
      2. List out the files using a wildcard (*).
      3. Determine the file type of the hash and hive files, where the hash file is (ASCII) and the hive file is (Compressed Binary).
      4. View the contents of the hash file.

Section 7. Using John the Ripper


1. Run John the Ripper
   o Instructions:
      1. john /root/hash.txt -format=nt2 -users=Administrator
      2. cd /root/.john
      3. ls -l
      4. cat john.pot
   o Note(FYI):
      1. John is a password cracking tool.
      2. After john is run, it stores the results in the .john directory under the current user's home directory (e.g., /root/.john).
      3. Use "ls -l" to show the detail listing of the files.
      4. View the contents of the john.pot file, which contains the cracked passwords.

Section 8. Proof of Lab


1. Proof of Lab
   o Instructions:
      1. cd /root/.john
      2. ls -l
      3. cat john.pot
      4. date
      5. echo "Your Name"
          This should be your actual name.
          e.g., echo "John Gray"
   o Proof of Lab Instructions:
      1. Do a PrtScn
      2. Paste into a Word document
      3. Upload to Moodle.

Section 9. Post Installation Instructions


1. Un-Mount and Poweroff the Virtual Machine
   o Instructions:
      1. cd
      2. umount /mnt
      3. poweroff

2. Remove Disc Message
   o Instructions:
      1. Press Enter

3. Edit Damn Vulnerable WXP-SP2.
   o Instructions:
      1. Click on Damn Vulnerable WXP-SP2
      2. Click on Edit virtual machine Settings
   o Note(FYI):
       For those of you not part of my class, this is a Windows XP machine running SP2.

4. Edit Virtual Machine Settings
   o Instructions:
      1. Click on CD/DVD(IDE)
      2. Click on the Use physical drive: radio button
      3. Select Auto detect from the drop-down menu
      4. Click on the OK Button

http://www.computersecuritystudent.com/SECURITY_TOOLS/PASSWORD_CRACKING/lesson2/
