...
0001100100110111110001011101100001000001010100110011011000011110111011110101110101001101010011110001000100110000100001000010011110
1001100010101111001101001011100110111100111100111011011100000110110001010011010001001111011111000100000101010110100101011000000101
1101011101011000001011010101001011010110100001001010010111000100101011101011011001011110110111101110010110101110101111100011001111
1001011111010000000011010101111111011000011101010111000001010110100000111101111110100110010111100111010100111001011101110000000000
0001110011010010100000001011001000010100001110001111111010000000011000010101000000111010011110010110100111010111111101010000101101
1010111000110101011100010000100010010101100110000101000000010011000000011101100101001001011111001111100011100000101101001111011100
1010000000010100000111110100101001011011011111100100101101001001011010001110000001100101010010111111101101101010010100011101111001
1011110000101010011100100101110001101110111001010110000110111000010000001000000101000111100100111011000001110110001000010001010100
1111001111000001111101110111100011000000000000110001001011010001001100010100100100001111101011010000101010001110101000011000011100
1110101111100011000010000101101101101110001110101000000100000011100011000111011011010110011001010101111101010010110100011011010010
0100010011010011100101101111000110001000011001101111001111011000011001001011111101110010000100010101000110110100101100110100001010
0010111101001000010011111101000100100001011111001100101000000010101000101011010110100111001000101111001001001110011110101001111010
RE
RE-Tools
Security
Operating Systems
Development Tools
Digital Art
Didatic Materials
Virtualization
zines...
"... i don't understand the world... i wont understand the world... i don't belive that someone in sometime... said what? sorry i don't understand... rakish"

Monday, February 18, 2008

How to recovery passwords from Windows NT

Today i back to think in the past, when some friends asked me how to break Windows NT passwords, i thought that they could find tools to do it, some tried use a pure brute force and didn't got any good success, some did, but a long time ago was a better way to do it, using the rainbow table.

As you know the passwords on many systems are stored like hash, if the password has almost the same size of the hash you will have more success to recover, but if you think that the password has a bigger size, you will get so much collisions, that is very simple to understand, the hash has one fixed size and no matter whats the size of what you use like an input, the function always will generate the output in the same size.So you think, your password is something like 400 bytes, the hash have always 64 bits of size, there you go:

(your pwd) => 2^(8*400) = the number of combinations that you have with 400 bytes

(hash) => 2^64 = the number of combinations that the hash can hold

I don't need to tell you that for represent something more than 2^64 will generate same "identifications", think about 2^65 ((2^64)*2), the half of values will be collisions, in other words each "identification" can represent 2 different values.

However for each algorithm somethings like the forecast of the collisions would appear distinct from each other.

Well, if you want to know more about hash, here is a link:

http://en.wikipedia.org/wiki/Cryptographic_hash_function

Lets back to the LM hash:

http://en.wikipedia.org/wiki/LM_hash

size: 16 bytes(string)

Windows Passwords:

size: 15 characters long(OEM)

Here we have a good success rate.

The tool:

-------------------------------------------------------------------------------------

Image .iso

http://lasecwww.epfl.ch/~oechslin/projects/ophcrack/

Author: Dr Philippe Oechslin

-------------------------------------------------------------------------------------

Testing

If you want test with a VM like i did.

In Virtual PC:



Menu Bar >> Capture ISO Image... >> ophcrack-livecd-1.2.2.iso


Choose VESA Mode, and just look :)

-------------------------------------------------------------------------------------

No comments: