Ethical Hacking and Penetration Testing Guide

252
◾ 
Ethical Hacking and Penetration Testing Guide
Credits
—http://www.tarasco.org/security/pwdump_7/index.html
This is the screenshot of pwdump, where it has extracted hashes from the sam directory.
Downloads
◾
http://www.foofus.net/~fizzgig/pwdump/
◾
http://www.tarasco.org/security/pwdump_7/
◾
http://www.foofus.net/~fizzgig/fgdump/default.htm
Ophcrack
Ophcrack is a Windows-based tool that has the capability to not only dump the hashes, but also 
crack those hashes using rainbow tables. The ophcrack program comes with rainbow tables that 
work for passwords of a very short length. So if the password is lengthy, or, say, alphanumeric, 
you won’t be able to crack it. In that case you can download additional rainbow tables from 
the rainbow crack project, which provides free rainbow tables, but as rainbow tables are huge 
in size they also provide you options to buy any rainbow tables if you don’t want to download 
gigabytes of rainbow tables.

Postexploitation
◾ 
253
References
http://sourceforge.net/projects/ophcrack/
http://project-rainbowcrack.com/table.htm
Scenario 3—Offline System
So here we have the third and last scenario, where we have physical access to the computer but no 
administrative rights. In this case we can choose between two approaches:
1. Using a bootable CD such as Ophcrack LiveCD to crack the passwords.
2. Bypassing the log-in.
Ophcrack LiveCD
Ophcrack LiveCD can be downloaded from the official website (links are given later) and can be 
used to crack passwords. It comes along with rainbow tables, which are capable of cracking pass-
words of shorter length.

Yüklə 22,44 Mb.

Dostları ilə paylaş: