illmob.org

Windows Password Recovery Tools

March 13th, 2008 by Dev Team in Files, Password Info, windows

There are several ways to obtain password hashes, depending on where they are stored and what access you already have. Password hashes can be obtained from the SAM file or its backup, directly from the registry of a local or remote computer, from the registry or Active Directory on a local or remote computer by means of DLL injection, or from a network sniffer. The SAM file is located in the %SystemRoot%\system32\config directory or the %SystemRoot%\repair directory. It is also possible to recover the password itself from memory.

Here are a few free tools to help you recover lost or unknown Windows passwords; most come with the source code included.

LCP 5.04 – user account password auditing and recovery in Windows NT/2000/XP/2003. It can get local or remote hashes and recovers passwords by using:
* dictionary attack;
* hybrid of dictionary and brute force attacks;
* brute force attack.

PWDump7 – A newer Windows password hash dumper that uses rootkit technology to inject and dump Windows password hashes. The resulting hashes can then be cracked by a program such as John the Ripper (free) or SamInside (not free), or by using rainbow tables.

CachedPasswordDumper v1.3 – This program dumps to the screen the password of the account that is logged in at that time. Currently only Windows XP (up to SP1) and Windows 2003 Server (SP0) are supported. For WinNT/2K use Password Reminder.

Alternatively, you can boot from a floppy or CD and use Offline NT Password & Registry Editor, which allows you to reset your password to a blank password.

CacheDump – The default behavior of Microsoft Windows domain members is to cache the last 10 different login credentials in the registry. Using a tool called CacheDump, written by Arnaud Pilon, you can dump the cached credentials to a file, which can then be cracked with a plugin for John the Ripper.

PwDumpX 1.4 – a tool that combines PWDump, Cachedump, and LSADump in one. It allows a user with administrative privileges to retrieve the domain password cache, password hashes and LSA secrets from a Windows system.

One Response to ' Windows Password Recovery Tools '

  1. Mandeep said,

    on June 26th, 2009 at 10:33 pm

    I am going to add this on autpost!! Yaya!