"... i don't understand the world... i wont understand the world... i don't belive that someone in sometime... said what? sorry i don't understand... rakish"

Monday, February 18, 2008

How to recover passwords from Windows NT

Today I went back to thinking about the past, when some friends asked me how to break Windows NT passwords. I thought they could find tools to do it; some tried pure brute force and didn't get any good results, some did, but a long time ago there was a better way to do it: using rainbow tables.

As you know, on many systems passwords are stored as a hash. If the password is about the same size as the hash you will have more success recovering it, but if the password is bigger than the hash you will get many collisions. This is very simple to understand: the hash has a fixed size, and no matter the size of the input, the function always generates an output of the same size. So suppose your password is something like 400 bytes and the hash is always 64 bits; there you go:

(your pwd) => 2^(8*400) = the number of combinations you have with 400 bytes

(hash) => 2^64 = the number of combinations that the hash can hold

I don't need to tell you that representing more than 2^64 values will give the same "identification" to different inputs. Think about 2^65 ((2^64)*2): half of the values will be collisions; in other words, each "identification" can represent 2 different values.

However, how the collisions are distributed differs from one algorithm to another.

Well, if you want to know more about hashes, here is a link:

http://en.wikipedia.org/wiki/Cryptographic_hash_function

Let's get back to the LM hash:

http://en.wikipedia.org/wiki/LM_hash

size: 16 bytes (string)

Windows Passwords:

size: 15 characters long (OEM)

Here we have a good success rate.
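To make the time-memory trade-off behind rainbow tables concrete, here is an added example (not code from the original post or from ophcrack). It builds a tiny rainbow table for a constructed keyspace of 3 lowercase letters over an unsalted hash (SHA-256 stands in for LM; the chain length, chain count and reduction function are arbitrary choices for the demo), recovers a password from its hash, and then shows why the same table is useless once a per-user salt is mixed in, which is the defence that LM never had.

```python
import hashlib
import string

# Toy keyspace standing in for "passwords no bigger than the hash": 3 lowercase
# letters, 26**3 = 17576 candidates (constructed for the example).
ALPHABET = string.ascii_lowercase
PW_LEN = 3
KEYSPACE = len(ALPHABET) ** PW_LEN

CHAIN_LEN = 100     # hashes per chain (the "time" side of the trade-off)
NUM_CHAINS = 1500   # stored (start, end) pairs (the "memory" side)


def toy_hash(pw: str) -> bytes:
    """Unsalted hash of the password, like LM: same input -> same output."""
    return hashlib.sha256(pw.encode("ascii")).digest()


def index_to_pw(n: int) -> str:
    """Map an integer in [0, KEYSPACE) to a candidate password."""
    chars = []
    for _ in range(PW_LEN):
        chars.append(ALPHABET[n % len(ALPHABET)])
        n //= len(ALPHABET)
    return "".join(chars)


def reduce_hash(h: bytes, step: int) -> str:
    """Reduction function R_step: hash -> candidate password.

    A rainbow table uses a different reduction per column (hence `step`),
    so two chains that collide in one column do not merge for good.
    """
    n = (int.from_bytes(h[:8], "big") + step) % KEYSPACE
    return index_to_pw(n)


def build_table(num_chains: int = NUM_CHAINS, chain_len: int = CHAIN_LEN) -> dict:
    """Precompute chains once; store only endpoint -> start point."""
    table = {}
    for c in range(num_chains):
        start = index_to_pw((c * 7919) % KEYSPACE)  # spread starts over the keyspace
        pw = start
        for step in range(chain_len):
            pw = reduce_hash(toy_hash(pw), step)
        table.setdefault(pw, start)  # merged chains keep the first start seen
    return table


def lookup(table: dict, target: bytes, chain_len: int = CHAIN_LEN):
    """Recover the password behind `target` if some stored chain covers it."""
    for col in range(chain_len - 1, -1, -1):
        # Assume target sits in column `col` and walk the rest of the chain.
        pw = reduce_hash(target, col)
        for step in range(col + 1, chain_len):
            pw = reduce_hash(toy_hash(pw), step)
        start = table.get(pw)
        if start is None:
            continue
        # Endpoint matched: regenerate that chain and test each candidate
        # (a match can also be a false alarm caused by a merge).
        cand = start
        for step in range(chain_len):
            if toy_hash(cand) == target:
                return cand
            cand = reduce_hash(toy_hash(cand), step)
    return None


def demo():
    table = build_table()
    # A password that is certainly covered: the start of the first chain.
    covered = index_to_pw(0)
    unsalted_hit = lookup(table, toy_hash(covered))
    # The same password hashed with a per-user salt lies outside every chain,
    # so the precomputed table cannot recover it.
    salted = hashlib.sha256(b"s4lt" + covered.encode("ascii")).digest()
    salted_hit = lookup(table, salted)
    return unsalted_hit, salted_hit


if __name__ == "__main__":
    print(demo())
```

The table stores 1500 pairs instead of 17576 hashes, and each lookup costs about CHAIN_LEN^2/2 hash evaluations; that ratio is the whole point of Oechslin's method, and salting destroys it because the table would have to be rebuilt per salt.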

The tool:

-------------------------------------------------------------------------------------

Image .iso

http://lasecwww.epfl.ch/~oechslin/projects/ophcrack/

Author: Dr Philippe Oechslin

-------------------------------------------------------------------------------------

Testing

If you want to test it with a VM like I did:

In Virtual PC:



Menu Bar >> Capture ISO Image... >> ophcrack-livecd-1.2.2.iso


Choose VESA mode and just watch :)

-------------------------------------------------------------------------------------

Tuesday, February 12, 2008

Learning how Windows NT works

Done, I've made a decision: there are a lot of documents around the internet about Windows, and really I'm not going to write the same thing here. Even if I write about the kernel, first I'll need to explain the things we need to know before we go (this blog is not intended for "experts", as you see; I give my attention to those who are starting), so if I think it is necessary to write something, I will.

So, anyway, here is a simple guide that I tested on Windows XP SP2 for installing the MS debugging tools. The first step for someone learning how an OS works is to start at the "startup process".

http://en.wikipedia.org/wiki/Windows_NT_startup_process

The tools you can use to look at how the OS works on NT:

-MS Virtual PC
-Debugging tools for windows
------------------------------------------------------------------------------------


First - Installation


Install MS Virtual PC Link: Click here to download


Install Microsoft SDK Link:Click here to download


------------------------------------------------------------------------------------


Second - the Settings


Note: the target to debug here is a Microsoft Windows XP installed in a VM (we are using MS Virtual PC)

1. Install Windows XP on your VM (virtual machine); after that, edit the boot.ini file. You can do it by following a few steps: open the properties of

"My Computer" >> Advanced [Startup and Recovery] >> Settings >> Edit.

Now you should see something like this:
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect


Copy it to the line below it, but add a few things: /DEBUGPORT=COM1 /BAUDRATE=115200

Should look like:
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /DEBUGPORT=COM1 /BAUDRATE=115200


Now shut down the VM and set up the other settings: in the Virtual PC Console choose your VM, go to its settings, COM1 for example, and add a named pipe:
\\.\pipe\kd
That's the IPC that we are going to use to debug from the kernel side.
Once that is done you can start the VM if you want; if you do, choose the second line that you added to boot.ini (I mean the line that specifies the debugging parameters):
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /DEBUGPORT=COM1 /BAUDRATE=115200

Configuring WinDbg
After you have done the previous steps, do the following:
1. Make a .bat file with the contents I write below.

If you got the "Windows Symbol Packages" from the Microsoft website and unpacked them to c:\windows\symbols:

windbg -y C:\WINDOWS\Symbols -k com:pipe,port=\\.\pipe\kd,resets=0,reconnect

else:
windbg -y SRV*c:\websymbols*http://msdl.microsoft.com/download/symbols -k com:pipe,port=\\.\pipe\kd,resets=0,reconnect


Later, be sure that the VM is running and all settings are done. You can verify the pipe created by the VM using the following tool:


Link: Click here to download. Run it from a prompt (console mode).


Do you see the name kd?

If you see it, you can go on.
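As an added example (not the post's own .bat file or any tool it links), here is a PowerShell script for the host that does the pipe check and the WinDbg launch in one step: it lists the host's named pipes through .NET, refuses to start if the VM has not created \\.\pipe\kd yet, picks the local symbol package when it exists and the public symbol server otherwise, and then runs windbg with the same -k arguments the post uses. It assumes windbg.exe is on the PATH; the pipe name, symbol folder and cache folder are parameters with the post's values as defaults.

```powershell
param(
    [string]$Pipe = 'kd',                        # pipe name set in the VM's COM1 settings
    [string]$LocalSymbols = 'C:\WINDOWS\Symbols', # unpacked "Windows Symbol Packages"
    [string]$SymbolCache = 'C:\websymbols'        # cache used with the public symbol server
)

# 1. Check that the VM is running and has created the named pipe.
#    \\.\pipe\ can be enumerated like a directory; entries look like \\.\pipe\kd.
$pipePath = "\\.\pipe\$Pipe"
$pipes = [System.IO.Directory]::GetFiles('\\.\pipe\')
if ($pipes -notcontains $pipePath) {
    Write-Error "Named pipe $pipePath not found. Is the VM running with COM1 mapped to it?"
    exit 1
}
Write-Host "Found $pipePath"

# 2. Choose the symbol path: local package if present, otherwise the Microsoft server.
if (Test-Path -Path $LocalSymbols) {
    $symPath = $LocalSymbols
} else {
    $symPath = "SRV*$SymbolCache*http://msdl.microsoft.com/download/symbols"
}
Write-Host "Using symbol path: $symPath"

# 3. Start WinDbg as a kernel debugger on the pipe (same -k string as the post's .bat).
& windbg.exe -y $symPath -k "com:pipe,port=$pipePath,resets=0,reconnect"
```

Run it from the host after the VM has booted with the /DEBUGPORT=COM1 entry selected; if it exits with the "not found" error, the VM's COM1 is not mapped to the pipe or the VM is not running yet.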


------------------------------------------------------------------------------------


Third - Testing


Now, go to the host window and execute the .bat file you created to run windbg;
if you see "Opened \\.\pipe\kd Waiting to reconnect...", go to:


Debug >> Kernel Connection >> Cycle Initial Break.

Now restart the VM and you get it waiting for your commands. :)


------------------------------------------------------------------------------------


Complementary study

Virtualization (related to MS Virtual PC)
http://en.wikipedia.org/wiki/Virtualization

Reverse Engineering (related to WinDbg)
http://en.wikipedia.org/wiki/Reverse_engineering

------------------------------------------------------------------------------------

Saturday, February 2, 2008

Framework 3.1

01/28/2008
"The Metasploit Project announced today the free, world-wide availability of version 3.1 of their exploit development and attack framework. The latest version features a graphical user interface, full support for the Windows platform, and over 450 modules, including 265 remote exploits. "Metasploit 3.1 consolidates a year of research and development, integrating ideas and code from some of the sharpest and most innovative folks in the security research community" said H D Moore, project manager. Moore is referring the numerous research projects that have lent code to the framework." http://www.metasploit.com/

That new version came with more exploits and a better GUI, and the browser is no longer required (that makes things better; we know that compatibility between browsers is not good).

Thanks guys, that's it. :)

http://www.metasploit.com