New way to extract local user passwords!

Discuss it here

Moderators: Community Moderators, Veterans - RM Community

Forum rules
RM Specific Disclaimer: Users should be advised that any software files, modifications, upgrades, plugins etc are property of the poster.
Xatrix Security do not accept ownership of these files nor do we accept liability for any copyright violations.
Xatrix Community Guidelines: Click Here
User avatar
Xcellerator
Posts: 368
Joined: Mon Jul 06, 2009 7:09 pm

Re: New way to extract local user passwords!

Post by Xcellerator »

So, can I copy SAM and SYSTEM from C:\Windows\System32\config through SafeMode?
RGB Hypnotoad compels you to OBEY!!!

muto
Posts: 417
Joined: Sat Mar 29, 2008 12:46 pm

Re: New way to extract local user passwords!

Post by muto »

I doubt it. You can rip the contents with Administrator rights (using Cain or something), but since they're key parts of the registry, they're still in use in safe mode. Booting Linux does the trick though.

User avatar
ICT Tech
Community Master Admin
Posts: 1415
Joined: Thu Jul 26, 2007 6:33 pm
Location: In my chair!

Re: New way to extract local user passwords!

Post by ICT Tech »

In Safe Mode you may be able to login locally!

This means if you login locally via Safe Mode you would be able to copy this!! :P
ICT Tech
Senior Community Admin

User avatar
Xcellerator
Posts: 368
Joined: Mon Jul 06, 2009 7:09 pm

Re: New way to extract local user passwords!

Post by Xcellerator »

But I don't know the passwords to log in locally... That's what I'm trying to find out.

Also, can CAIN be run from USB? Because then I could export it to a *.lc file then crack it at home...
RGB Hypnotoad compels you to OBEY!!!

User avatar
ICT Tech
Community Master Admin
Posts: 1415
Joined: Thu Jul 26, 2007 6:33 pm
Location: In my chair!

Re: New way to extract local user passwords!

Post by ICT Tech »

Hmm, good point, I forgot about that!

I'm not sure if Cain can be run from a USB, that's more of a question for JD or muto, they're good with this sort of stuff!! :P
ICT Tech
Senior Community Admin

muto
Posts: 417
Joined: Sat Mar 29, 2008 12:46 pm

Re: New way to extract local user passwords!

Post by muto »

Cain can be run from a USB stick, but there are a couple of things you need to consider.

The packet sniffing functions will not work without the WinPCap driver installed
Abel.dll is required for the hash dumping, and many antiviruses detect (and delete) it
You need admin rights to dump hashes

User avatar
Xcellerator
Posts: 368
Joined: Mon Jul 06, 2009 7:09 pm

Re: New way to extract local user passwords!

Post by Xcellerator »

Well, on these two glitchy computers at my school, you have local admin rights on it! I can use cmd with full admin privileges, but I don't want to change the password, I want to crack it so I can run any program as admin on any computer! Also, I'm not worried about the sniffer function, I'm only trying to crack a password.
Here's my plan:
1. Log-on
2. Log-off
3. Remove Network Cable
4. Log-on (No Securus, or anti-virus, cos that's all run from the server!)
5. Use USB to dump Local Password Hashes!
6. Remove USB, then insert network cable!
The Server is none the wiser that I've done anything!
RGB Hypnotoad compels you to OBEY!!!

muto
Posts: 417
Joined: Sat Mar 29, 2008 12:46 pm

Re: New way to extract local user passwords!

Post by muto »

It'd be worth dumping the Domain Cached Credentials as well, you might get lucky and get the admin hashes in there, if not, you should at least get a couple of other student accounts to work from.

User avatar
ICT Tech
Community Master Admin
Posts: 1415
Joined: Thu Jul 26, 2007 6:33 pm
Location: In my chair!

Re: New way to extract local user passwords!

Post by ICT Tech »

muto wrote:It'd be worth dumping the Domain Cached Credentials as well, you might get lucky and get the admin hashes in there, if not, you should at least get a couple of other student accounts to work from.
Very True!! :lol:

And Well Done!! :P
ICT Tech
Senior Community Admin

Post Reply