The goal is to unify all of the good information found in various bits and pieces into 1 large document. This document is for people who want to learn to the how and why of password cracking. There is a lot of information being presented and you should READ IT ALL BEFORE you attempted doing anything documented here. I do my best to provide step by step instructions along with the reasons for doing it this way. Other times I will point to a particular website where you find the information. In those cases someone else has done what I attempting and did a good or great job and I didn’t want to steal their hard work. These instructions have several excerpts from a combination of posts from pureh@te, granger53, irongeek, PrairieFire, and stasik. I would also like to thank each of them and others for the help they have provided me on the BackTrack forum.
I had to compress the document so I could attach it. The document as it stands now is 56K. Please let me know if what I have is wrong, or if there is a better way to do something, or if I am missing something. I am planning on making enhancements as people make me aware of them.
Here is the table of contents
1 LM vs. NTLM
2 Dumping the SAM and cracking the password using BackTrack
2.1 Dumping the SAM from inside BackTrack
2.2 Dumping Cached Credentials from BackTrack
2.3 Cracking the LM hash using john the ripper
2.4 Cracking the LM hash using mdcrack
2.5 Cracking the NTLM hash using john the ripper
2.5.1 Cracking the NTLM hash using the results from cracking the LM hash using john the ripper
2.6 Cracking the NTLM hash using mdcrack
2.6.1 Cracking the NTLM hash using the results from cracking the LM hash using mdcrack
2.7 Cracking the LM hash using ophcrack
2.8 Cracking the NTLM hash using ophcrack
3 Dumping the SAM and cracking the password using applications in Windows
3.1 Dumping the SAM from windows
3.1.1 Dumping the SAM from windows using pwdump7
3.1.2 Dumping the SAM from windows using fgdump
3.2 Dumping Cached Credentials from windows
3.3 Cracking the LM hash using john the ripper
3.4 Cracking the LM hash using mdcrack
3.5 Cracking the NTLM hash using john the ripper
3.6 Cracking the NTLM hash using mdcrack
3.6.1 Cracking the NTLM hash using the results from cracking the LM hash using mdcrack
3.7 Cracking the LM hash using ophcrack (requires high speed internet access during install)
3.8 Cracking the NTLM hash using ophcrack
3.9 Cracking the LM and NTLM hash using Cain and Able
4 Cracking the LM and NTLM hashes using the ophcrack LiveCD
5 plain-text.info
6 Active Directory
7 Resetting a forgotten password on a local user account (NOT A DOMAIN ACCOUNT)
8 Novell
9 Cracking Linux/Unix passwords using John the Ripper
10 Cracking equipment passwords using Hydra in BackTrack
11 Cracking equipment passwords using Brutus in windows
12 Cracking Oracle 11g (sha1)
13 Cracking Oracle passwords over the wire
14 Syskey
15 Wordlists aka Dictionary attack
15.1 Using John the Ripper to generate a wordlist
15.2 Configuring John the Ripper to use a wordlist
15.3 Using crunch to generate a wordlist
15.4 Using premade wordlists
15.5 Other wordlist generators
15.6 Manipulating your wordlist
16 Rainbow Tables
16.1 What are they?
16.2 Generating your own
16.2.1 rcrack - obsolete but works
16.2.2 rcracki - new but doesn't work
16.2.3 Generating a rainbow table
16.3 WEP cracking
16.4 WPA-PSK
Download