Showing posts with label Hash Codes Cracking. Show all posts

Thursday, 09 August 2012

How to hack the Windows 7 or Vista passwords-Become a hacker

Hello friends,
The tutorial "How to Hack windows admin?" will teach you how to hack the Windows password. You can use the above tutorial for hacking any type of Windows operating system. For example, you can hack the latest Windows 7 as well.

Only one change is required: you have to choose the correct rainbow table corresponding to the operating system that you are going to hack.

You can get all types of rainbow tables from here:

http://ophcrack.sourceforge.net/tables.php

Hacking Windows XP

If you are going to hack a Windows XP account's (usually admin) password, then you have to download the XP free fast (703MB) rainbow table.

Hacking Windows 7 or Windows vista

We all know that Windows 7 is an upgraded version of Vista, so the same rainbow table is used (because the same type of hash code is created by both).
So you have to download the Vista free (461MB) rainbow table.

How ophcrack tool impressed me?
Recently I tested this tool on my system. In order to test, I created a new account with the password "secure123". When I clicked the Crack button, I got the password within seconds. I know this is a weak password, so I thought it was no big issue to crack this silly password.

But when I tried it on my friend's system, I was really impressed. Do you know why? He had set a strong password for his Windows 7 OS (a password with an upper and lower case combination, special characters and numbers), and ophcrack took less than 1 second to crack this password. It is so interesting how they designed this wonderful software.

How to Hack the Windows Admin Password Using OphCrack in Backtrack tutorial


If you are a college/school student, you may be curious to hack the admin password on your college or school system. This post is going to help you crack any type of Windows account password. Learn how to hack the Windows admin password like a geek.


Refer to this link also: How to hack the windows 7 or vista using the following method

Requirements:
  • BackTrack Linux 4 or 5. Download it from http://backtrack-linux.org
  • Two pen drives [if you are going to test on your own system, one pen drive is enough]
  • XP Free Fast rainbow table [tables_xp_free_fast.zip]. Download it from here: http://ophcrack.sourceforge.net/tables.php

Install BackTrack Linux on one pen drive. Leave the other pen drive empty.

Step 1: Booting From BackTrack
Insert the pen drive with BackTrack installed into the target computer while it is turned off. We are going to boot the operating system from the pen drive, so insert it while the system is off.
Now turn on the system.
Press F10 [boot menu; the key differs between systems] before booting and select boot from pen drive.
Now it will boot BackTrack.
Select "Graphical User Interface".
Now wait for a while (it will execute some commands).
Now you can see the "root:" prompt.
Type "startx" and hit Enter. It will bring you to the GUI view of BackTrack.

Step 2: Copy the SAM and System files
Click the Start button (dragon symbol).
Select System Menu.
Select Storage Media (if you see nothing, close the window and open it again).

You can see the list of hard disks and your pen drive.
Open the hard disk on which Windows is installed and navigate to this path:
WINDOWS/system32/config/

There you can see two files named "SAM" and "System".

Copy both the SAM and System files.
[Just proceed to the next step without closing the window]

Step 3: Insert your Empty Pen Drive
Now go to System Menu->Storage Media again.
Open your empty pen drive, create a new folder and paste the SAM and System files inside that folder.

[Note: you may not be able to paste into the pen drive that BackTrack is installed on. That's why I asked you to bring 2 pen drives. If you are testing on your own system, you can copy to any other hard drive.]

You cannot copy the SAM and System files directly from within the same operating system while it is running. That's why we are using BackTrack.

Step 4: Now go to your home.
Boot into Windows. Extract "tables_xp_free_fast.zip" to any hard drive.
Copy the folder that contains the SAM and System files from your pen drive.
Paste it onto any hard drive.
---
Restart Windows.
Insert the pen drive with BackTrack installed and boot from it.

Step 5: Mounting the Hard drive in Backtrack


Now go to System Menu->Storage Media (if you see nothing, close the window and open it again)
and open the hard drives that contain the SAM files and the rainbow tables. Then close them.

Don't be confused. I asked you to open those hard drives so that they get mounted. In Linux, a drive won't be mounted automatically until you open it.

Step 6: Run the OphCrack Tool in BackTrack
Open the ophcrack GUI (start->Backtrack->Privilege Escalation->Password Attack->offline Attacks->ophCrack GUI).

The ophcrack GUI application will run now.

Step 7: Loading the folder that contains sam and system files

Click Load and select "Encrypted SAM" in the ophcrack tool.
Now it will ask you to select the directory that contains the SAM folder.

[Select Computer in the file selection window. Click '/' and browse to /media/your_Hard_Disk]
Select the directory (don't open the directory, just select it).

Now it will load and display the list of user accounts in Windows.

Step 8: Target the Admin Account
Here I am going to hack one of the administrator accounts, "secure", on my computer.
So remove all other accounts except the target admin account by clicking the Delete button. [This is not necessary, but it will increase the cracking speed.]

Step 9: Install the Rainbow Table
Now let us install the rainbow table.
Click the Table button in the ophcrack tool.
Now it will ask you to select the table.
We are going to crack a Windows password, right? So choose the first one and click the Install button.
[Note: I have installed the rainbow table already, so it is showing green.]

Now browse to the rainbow table directory, I mean the "tables_xp_free_fast" folder.
[Here also, don't open the folder, just choose it.]

Now click OK.


Step 10: Cracking Begins
Click the Crack button.
Wait for a while [ophcrack is the fastest cracking tool, so it won't take too much time].

Step 11: Password is cracked
Yes..!! We got the password. Now go to your school/college and log in with that password.
Enjoy. Don't forget to share with your friends. This is an interesting one na..!
Actually I missed the fun. I didn't know this hack when I studied in college. If I had known it at that time, I might have had fun with my college system.

Using a BackTrack CD or a single Pen drive:


You will need only one pen drive if you are going to hack the admin password on the target system itself. Don't forget to bring the rainbow table on your BackTrack pen drive in this case.


You can use a CD instead of a pen drive for the BackTrack installation.
If you use a CD, you cannot bring the SAM file to your home. You have to crack it on that computer itself.

ENJOY CRACKING !!!

Different Types of Hash Codes-How to Find Which Hash types?

You have hashes but don't know which type they are? Don't worry, here I have listed the different types of hash codes.

DES(Unix)
Example: IvS7aeT4NzQPM
Used in Linux and other similar OS.
Length: 13 characters.
Description: The first two characters are the salt (random characters; in our example the salt is the string "Iv"), then there follows the actual hash.
Notes: [1] [2]

Domain Cached Credentials
Example: Admin:b474d48cdfc4974d86ef4d24904cdd91
Used for caching passwords of Windows domain.
Length: 16 bytes.
Algorithm: MD4(MD4(Unicode($pass)).Unicode(strtolower($username)))
Note: [1]

MD5(Unix)
Example: $1$12345678$XM4P3PrKBgKNnTaqG9P0T/
Used in Linux and other similar OS.
Length: 34 characters.
Description: The hash begins with the $1$ signature, followed by the salt (up to 8 random characters; in our example the salt is the string "12345678"), then one more $ character, and then the actual hash.
Algorithm: Actually that is a loop calling the MD5 algorithm 2000 times.
Notes: [1] [2]

MD5(APR)
Example: $apr1$12345678$auQSX8Mvzt.tdBi4y6Xgj.
Used in Linux and other similar OS.
Length: 37 characters.
Description: The hash begins with the $apr1$ signature, followed by the salt (up to 8 random characters; in our example the salt is the string "12345678"), then one more $ character, and then the actual hash.
Algorithm: Actually that is a loop calling the MD5 algorithm 2000 times.
Notes: [1] [2]


MD5(phpBB3)
Example: $H$9123456785DAERgALpsri.D9z3ht120
Used in phpBB 3.x.x.
Length: 34 characters.
Description: The hash begins with the $H$ signature, followed by one character (most often the number '9'), then the salt (8 random characters; in our example the salt is the string "12345678"), and then the actual hash.
Algorithm: Actually that is a loop calling the MD5 algorithm 2048 times.
Notes: [1] [2]


MD5(Wordpress)
Example: $P$B123456780BhGFYSlUqGyE6ErKErL01
Used in Wordpress.
Length: 34 characters.
Description: The hash begins with the $P$ signature, followed by one character (most often the character 'B'), then the salt (8 random characters; in our example the salt is the string "12345678"), and then the actual hash.
Algorithm: Actually that is a loop calling the MD5 algorithm 8192 times.
Notes: [1] [2]

MySQL
Example: 606717496665bcba
Used in the old versions of MySQL.
Length: 8 bytes.
Description: The hash consists of two DWORDs, each not exceeding the value of 0x7fffffff.

MySQL5
Example: *E6CC90B878B948C35E92B003C792C46C58C4AF40
Used in the new versions of MySQL.
Length: 20 bytes.
Algorithm: SHA-1(SHA-1($pass))
Note: The hashes are to be loaded to the program without the asterisk that stands in the beginning of each hash.

RAdmin v2.x
Example: 5e32cceaafed5cc80866737dfb212d7f
Used in the application Remote Administrator v2.x.
Length: 16 bytes.
Algorithm: The password is padded with zeros to the length of 100 bytes, then that entire string is hashed with the MD5 algorithm.

MD5
Example: c4ca4238a0b923820dcc509a6f75849b
Used in phpBB v2.x, Joomla version below 1.0.13 and many other forums and CMS.
Length: 16 bytes.
Algorithm: Same as the md5() function in PHP.

md5($pass.$salt)
Example: 6f04f0d75f6870858bae14ac0b6d9f73:1234
Used in WB News, Joomla version 1.0.13 and higher.
Length: 16 bytes.
Note: [1]

md5($salt.$pass)
Example: f190ce9ac8445d249747cab7be43f7d5:12
Used in osCommerce, AEF, Gallery and other CMS.
Length: 16 bytes.
Note: [1]

md5(md5($pass))
Example: 28c8edde3d61a0411511d3b1866f0636
Used in e107, DLE, AVE, Diferior, Koobi and other CMS.
Length: 16 bytes.

md5(md5($pass).$salt)
Example: 6011527690eddca23580955c216b1fd2:wQ6
Used in vBulletin, IceBB.
Length: 16 bytes.
Notes: [1] [3] [4]

md5(md5($salt).md5($pass))
Example: 81f87275dd805aa018df8befe09fe9f8:wH6_S
Used in IPB.
Length: 16 bytes.
Notes: [1] [3]

md5(md5($salt).$pass)
Example: 816a14db44578f516cbaef25bd8d8296:1234
Used in MyBB.
Length: 16 bytes.
Note: [1]

md5($salt.$pass.$salt)
Example: a3bc9e11fddf4fef4deea11e33668eab:1234
Used in TBDev.
Length: 16 bytes.
Note: [1]


md5($salt.md5($salt.$pass))
Example: 1d715e52285e5a6b546e442792652c8a:1234
Used in DLP.
Length: 16 bytes.
Note: [1]

SHA-1
Example: 356a192b7913b04c54574d18c28d46e6395428ab
Used in many forums and CMS.
Length: 20 bytes.
Algorithm: Same as the sha1() function in PHP.

sha1(strtolower($username).$pass)
Example: Admin:6c7ca345f63f835cb353ff15bd6c5e052ec08e7a
Used in SMF.
Length: 20 bytes.
Note: [1]


sha1($salt.sha1($salt.sha1($pass)))
Example: cd37bfbf68d198d11d39a67158c0c9cddf34573b:1234
Used in Woltlab BB.
Length: 20 bytes.
Note: [1]

SHA-256(Unix)
Example: $5$12345678$jBWLgeYZbSvREnuBr5s3gp13vqi
Used in Linux and other similar OS.
Length: 55 characters.
Description: The hash begins with the $5$ signature, followed by the salt (up to 8 random characters; in our example the salt is the string "12345678"), then one more $ character, and then the actual hash.
Algorithm: Actually that is a loop calling the SHA-256 algorithm 5000 times.
Notes: [1] [2]

SHA-512(Unix)
Example: $6$12345678$U6Yv5E1lWn6mEESzKen42o6rbEm
Used in Linux and other similar OS.
Length: 98 characters.
Description: The hash begins with the $6$ signature, followed by the salt (up to 8 random characters; in our example the salt is the string "12345678"), then one more $ character, and then the actual hash.
Algorithm: Actually that is a loop calling the SHA-512 algorithm 5000 times.
Notes: [1] [2]


SHA-1(Django) = sha1($salt.$pass)
Example: sha1$12345678$90fbbcf2b72b5973ae42cd3a19ab4ae8a1bd210b
12345678 is salt (in the hexadecimal format)
90fbbcf2b72b5973ae42cd3a19ab4ae8a1bd210b is SHA-1 hash.

SHA-256(Django) = SHA-256($salt.$pass)
Example: sha256$12345678$154c4c511cbb166a317c247a839e46cac6d9208af5b015e1867a84cd9a56007b
12345678 is salt (in the hexadecimal format)
154c4c511cbb166a317c247a839e46cac6d9208af5b015e1867a84cd9a56007b is SHA-256 hash.


SHA-384(Django) = SHA-384($salt.$pass)
Example: sha384$12345678$c0be393a500c7d42b1bd03a1a0a76302f7f472fc132f11ea6373659d0bd8675d04e12d8016d83001c327f0ab70843dd5
12345678 is salt (in the hexadecimal format)
c0be393a500c7d42b1bd03a1a0a76302f7f472fc132f11ea6373659d0bd8675d04e12d8016d83001c327f0ab70843dd5 is SHA-384 hash.

SHA-1(ManGOS) = sha1(strtoupper($username).':'.$pass)

SHA-1(ManGOS2) = sha1($username.':'.$pass)

MD5(Custom) = '=='.md5(md5(md5($pass).md5($pass).md5($pass).md5($pass)))


-------------------------------------------------
Notes:

[1] Since the hashing requires not only a password but also a salt (or a user name), which is unique for each user, the attack speed for such hashes will decline proportionally to their count (for example, attacking 100 hashes will go 100 times slower than attacking one hash).

[2] The hash is to be loaded to the program in full, to the "Hash" column - the program will automatically extract the salt and other required data from it.

[3] The ':' character can be used as salt; however, since it is used by default for separating hash and salt in PasswordsPro, it is recommended that you use a different character for separating fields; e.g., space.

[4] Salt can contain special characters - single or double quotes, as well as backslash, which are preceded (after obtaining dumps from MySQL databases) by an additional backslash, which is to be removed manually. For example, the salt to be loaded to the program would be a'4 instead of a\'4, as well as the salts a"4 instead of a\"4 and a\4 instead of a\\4.


Source: insidepro
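
When auditing a credential store you are responsible for, the formats listed above are enough to tell which storage schemes are in use and which rows carry no salt. The following is an added example, not part of the original post or of PasswordsPro; the rule table, `identify` and `unsalted_rows` are names chosen here, and the sample rows are the post's own example values. Signature-bearing formats resolve to one scheme, while bare hex digests stay ambiguous and return several candidates.

```python
import re

HEX, B64 = "[0-9A-Fa-f]", "[./0-9A-Za-z]"
SALTED_MD5 = ["md5($pass.$salt)", "md5($salt.$pass)", "md5(md5($pass).$salt)",
              "md5(md5($salt).md5($pass))", "md5(md5($salt).$pass)",
              "md5($salt.$pass.$salt)", "md5($salt.md5($salt.$pass))"]

# (pattern, candidate schemes), built from the catalogue above; first match wins.
RULES = [
    (rf"\$apr1\$[^$]{{1,8}}\${B64}{{22}}", ["MD5(APR)"]),
    (rf"\$1\$[^$]{{1,8}}\${B64}{{22}}", ["MD5(Unix)"]),
    (rf"\$H\${B64}{{31}}", ["MD5(phpBB3)"]),
    (rf"\$P\${B64}{{31}}", ["MD5(Wordpress)"]),
    (r"\$5\$.+", ["SHA-256(Unix)"]),  # prefix only: the page's sample is cut short
    (r"\$6\$.+", ["SHA-512(Unix)"]),
    (rf"sha1\$[^$]+\${HEX}{{40}}", ["SHA-1(Django)"]),
    (rf"sha256\$[^$]+\${HEX}{{64}}", ["SHA-256(Django)"]),
    (rf"sha384\$[^$]+\${HEX}{{96}}", ["SHA-384(Django)"]),
    (rf"\*{HEX}{{40}}", ["MySQL5"]),
    (rf"{HEX}{{32}}:.+", SALTED_MD5),
    (rf"{HEX}{{40}}:.+", ["sha1($salt.sha1($salt.sha1($pass)))"]),
    (rf"[^:]+:{HEX}{{32}}", ["Domain Cached Credentials"]),
    (rf"[^:]+:{HEX}{{40}}", ["sha1(strtolower($username).$pass)"]),
    (rf"{HEX}{{32}}", ["MD5", "md5(md5($pass))", "RAdmin v2.x"]),
    (rf"{HEX}{{40}}", ["SHA-1"]),
    (rf"{HEX}{{16}}", ["MySQL"]),
    (rf"{B64}{{13}}", ["DES(Unix)"]),
]
# Schemes the catalogue lists with no salt and no user name mixed in.
UNSALTED = {"MD5", "md5(md5($pass))", "RAdmin v2.x", "SHA-1", "MySQL", "MySQL5"}

def identify(value: str) -> list[str]:
    """Return the schemes whose stored format matches; [] if none does."""
    for pattern, schemes in RULES:
        if re.fullmatch(pattern, value.strip()):
            return schemes
    return []

def unsalted_rows(values):
    """Rows where every candidate is unsalted, so equal passwords give equal hashes."""
    return [v for v in values if identify(v) and set(identify(v)) <= UNSALTED]

# Sample rows are the page's own example values.
SAMPLES = ["$1$12345678$XM4P3PrKBgKNnTaqG9P0T/",
           "*E6CC90B878B948C35E92B003C792C46C58C4AF40",
           "c4ca4238a0b923820dcc509a6f75849b",
           "6f04f0d75f6870858bae14ac0b6d9f73:1234",
           "Admin:b474d48cdfc4974d86ef4d24904cdd91", "IvS7aeT4NzQPM"]

if __name__ == "__main__":
    for row in SAMPLES:
        flag = "UNSALTED" if unsalted_rows([row]) else ""
        print(row, "->", identify(row), flag)
```

Rows reported by `unsalted_rows` are the ones to migrate first to a salted, iterated scheme.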

What is the Difference between Brute Force vs Dictionary Attack

In my previous posts I have explained what brute force and dictionary attacks are. Before reading this article, please read the following articles:
Dictionary Attack cracking Hash code
What is Brute Force Cracking Attack?

If you clearly understand what brute force and dictionary attacks are, there is actually no need to read this article, but listing the differences between them is a good idea.

| Brute Force | Dictionary Attack |
|---|---|
| Uses different kinds of possible key combinations | Uses a list of known passwords |
| Large number of key combinations | Limited to certain common keys |
| Time depends on the password strength and length | Time depends on the length of the dictionary, I mean the number of common passwords |
| Example of possible keys: hello,HELLo,Eello,keLLO,FELlo,.. | Example of common passwords: iloveyou,12345,54321,ilovemom,ILOVEYOU... |
| Easy to crack when the key length is small | Easy to crack if the password is a common password |

Conclusion:

First give the dictionary attack a try; most passwords will be cracked by the dictionary attack itself.
If it is hard to crack the hash code using a dictionary attack, then go with a brute force attack.



How to Crack the Hash Code using Dictionary Attack ?|Cracking Tutorials

In my previous posts, I have explained what a brute force attack is and how to implement it using the Cain tools. Today I am going to explain what a dictionary attack is.

Dictionary Cracking Method:

This is the second type of cracking the cipher text. Trying all known passwords is known as a dictionary attack. Usually users will set simple passwords like 12345, 54321, ilovemom, one4three, 143, iloveyou, etc.


How to Crack the Hash Code using Dictionary Attack ?

First of all, store the possible passwords in a text file. This file is known as the dictionary.

Algorithm:

Step 1:
Get a password from the dictionary as input and hash it.
Step 2:
Compare the created hash code with the original hash code.
Step 3:
Case i: if they are not equal, go back to step 1 and repeat with the next password.
Case ii: if they are equal, display the password.
Step 4:
That's it, you have successfully cracked the hash code. Enjoy.
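
The loop above, written as a password audit over accounts you administer, also makes note [1] of the hash-types post concrete: with unsalted hashes one pass over the dictionary covers every account, while with md5($salt.$pass) the dictionary has to be re-hashed for every salt. This is an added example, not code from the original post; the accounts, salts, word list and function names are constructed for illustration.

```python
import hashlib

def md5_hex(text: str) -> str:
    return hashlib.md5(text.encode()).hexdigest()

def audit_unsalted(stored, wordlist):
    """stored: {user: md5($pass)}. Each word is hashed once and checked against all rows."""
    by_hash = {}
    for user, digest in stored.items():
        by_hash.setdefault(digest, []).append(user)
    weak, hashes_computed = {}, 0
    for word in wordlist:
        hashes_computed += 1
        for user in by_hash.get(md5_hex(word), []):
            weak[user] = word
    return weak, hashes_computed

def audit_salted(stored, wordlist):
    """stored: {user: (salt, md5($salt.$pass))}. The list is re-hashed for every salt."""
    weak, hashes_computed = {}, 0
    for user, (salt, digest) in stored.items():
        for word in wordlist:
            hashes_computed += 1
            if md5_hex(salt + word) == digest:
                weak[user] = word
                break
    return weak, hashes_computed

def demo():
    # Constructed data: two accounts share a common password, one uses a strong one.
    wordlist = ["12345", "iloveyou", "ilovemom", "54321"]
    passwords = {"alice": "54321", "bob": "54321", "carol": "ae73kd3deo^"}
    unsalted = {u: md5_hex(p) for u, p in passwords.items()}
    # Constructed salts (first two letters of the name); real salts are random.
    salted = {u: (u[:2], md5_hex(u[:2] + p)) for u, p in passwords.items()}
    return audit_unsalted(unsalted, wordlist), audit_salted(salted, wordlist)

if __name__ == "__main__":
    (weak_u, work_u), (weak_s, work_s) = demo()
    print("unsalted:", weak_u, "hashes computed:", work_u)
    print("salted:  ", weak_s, "hashes computed:", work_s)
```

Both audits flag the same two accounts, but the salted store costs one dictionary pass per account, and the password that is not in the dictionary is never found by either.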

CONCLUSION:

For Hackers:
You can try this dictionary cracking method until you know everything about the user. Also, sometimes a user may set a difficult password like ae73kd3deo^. In that case you cannot use this cracking method. As you don't know the password strength, you can try this method first. If it fails to find the password, then go with a brute force attack.

For Security needers:
If you really want to protect your account, then do not set a password like iloveyou, ilovemom or 12345. Instead set a strong password so that hackers cannot crack your password "easily".

Note:
My next post is about how to implement the dictionary attack and crack the hash code using a cracking tool. So keep in touch. Learn the Cracking and Hacking