Showing posts with label Hacking. Show all posts

Thursday, June 18, 2009

Hacking Windows XP passwords


This will show you how to retrieve and crack the Windows SAM file, which contains all the user passwords.

What you should know:
Windows XP passwords are stored in a file called the SAM. Inside the SAM are password hashes; these are the encrypted user passwords. This guide will show you how to get access to and crack the SAM file and retrieve the passwords stored in it.

What you need:
- Knoppix-STD - Or any other Linux distro. Since you can't access the SAM from inside Windows you have to go for an outside assault.
- SAMInside - This will extract the password hashes from the SAM file.
- Cain & Abel - This will crack the password hash.
- USB Pen Drive - Just about any one will do. The files are too big to fit on a floppy so you need a USB drive or something similar. I'm not linking to one because you can go just about anywhere to get one.
- Basic Knowledge of Linux - Since you will be navigating around using a Linux distro, you need to have a general idea of what you are doing. The less time you are at the target computer the better. The extent of the Linux knowledge you will need to know will cover booting the distro, mounting hard drives, and "cd"ing into directories.
- Target Computer - No kiddin' right? Your target computer can't have a BIOS password enabled. If it does you will not be able to boot your Linux distro without either taking the hard drive or resetting the BIOS password.

And onto the show:
1. Plug your USB drive into the target PC.
2. Put your distro in the CD drive and boot it up.
3. Some distros will auto-mount the Windows partition. If it doesn't you can mount it yourself using the following commands:
mkdir /mnt/target
mount /dev/hda1 /mnt/target
This is assuming a few things. One is that the distro you are using is compatible with those commands, and that your Windows partition is hda1. You do not have to mkdir either, I just made a new folder to keep things neat.
4. The SAM files are stored in the windows/system32/config/ directory so:
cd /mnt/target/windows/system32/config
5. Now copy the SAM and system files to your USB drive.
cp SAM /mnt/USB
cp system /mnt/USB
Again, this is assuming that your USB drive is mounted to /mnt/USB.
6. You are all done on the target computer now, so go ahead and shut down the PC and get out of there.
7. Now you need to extract the password hash from the SAM file. Load SAMInside.
8. Once you've loaded up the SAM and system files, you will be given the encrypted password hash.
9. If the target computer had LM hashes enabled, things should be very easy to crack. SAMInside might be able to brute force the passwords for you. Depending on the complexity of the password, it could take from a few minutes to several days to crack the password. I'm not too sure how well SAMInside is at cracking the passwords since I haven't used it. If it is unable to crack the passwords you will want to open up Cain.
10. The last time I did something like this, I didn't know about Cain, and SAMInside was a version from back in the day. So it looks as if you don't have to use SAMInside to get the password hashes for Cain. For a program like LC4 you will need SAMInside to get the hashes for you. To use Cain, open it and
- Go to Crack
- Go to LM and NT Hashes
- Right Click and select Add to List
- Select Import Hashes from SAM database
- Open the SAM on the first box, then in the second open the system file
- Copy the BootKey it gives you into the Bootkey box in the first window
11. Click OK then right click on the account you want to crack. Select either a brute force or dictionary attack. I recommend dictionary attack if you think the person is less likely to use a complex password such as omg1337@lol rather than something simple like football.
12. That is basically it. The time it takes to crack the password all depends on the speed of your computer and the complexity of the password. Things will go much quicker if the LM hash is enabled. The reason is the LM hash encryption is far less detailed. I will explain how to hack into a target computer using password hash insertion and how to disable LM hashes in my next article.
13. Thanks and I hope this helps
by pwnmstr
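
The LM weakness mentioned in steps 9 and 12 can be checked from the defender's side. The following Python sketch is an added example, not part of the original post: it audits a pwdump-style export (`user:rid:LM:NT:::`, an assumed input format) and flags accounts that still store an LM hash; the sample records are constructed.

```python
import string

# Well-known constants: the LM and NT hashes of an empty password.
EMPTY_LM = "aad3b435b51404eeaad3b435b51404ee"
EMPTY_NT = "31d6cfe0d16ae931b73c59d7e0c089c0"
HEX = set(string.hexdigits)

# Constructed sample export; the non-constant hex values are filler, not real hashes.
SAMPLE = """\
Administrator:500:0123456789abcdef0123456789abcdef:00112233445566778899aabbccddeeff:::
Guest:501:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
alice:1003:fedcba9876543210aad3b435b51404ee:ffeeddccbbaa99887766554433221100:::
bob:1004:NO PASSWORD*********************:0f1e2d3c4b5a69788796a5b4c3d2e1f0:::
"""

def is_hash(value):
    """True if value looks like a 16-byte hash written as 32 hex characters."""
    return len(value) == 32 and all(c in HEX for c in value)

def audit_record(line):
    """Audit one 'user:rid:lm:nt:::' record; return (user, findings) or None."""
    fields = line.strip().split(":")
    if len(fields) < 4 or not fields[0]:
        return None
    user, lm, nt = fields[0], fields[2].lower(), fields[3].lower()
    findings = []
    if is_hash(lm) and lm != EMPTY_LM:
        findings.append("lm-hash-stored")
        # LM hashes each 7-character half separately; an "empty" second
        # half means the whole password is 7 characters or fewer.
        if lm[16:] == EMPTY_LM[:16]:
            findings.append("password-7-chars-or-fewer")
    if nt == EMPTY_NT:
        findings.append("blank-password")
    return user, findings

def audit(dump_text):
    """Return {user: findings} for every account with at least one finding."""
    report = {}
    for line in dump_text.splitlines():
        result = audit_record(line)
        if result and result[1]:
            report[result[0]] = result[1]
    return report

if __name__ == "__main__":
    print(audit(SAMPLE))
```

Accounts flagged `lm-hash-stored` keep that hash until the password is changed after LM storage has been turned off (the `NoLMHash` policy), or until the password is 15 characters or longer.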


Tuesday, June 2, 2009

Basic Hacking Tutorial II


The Basics of Hacking II Courtesy of the Jolly Roger
Basics to know before doing anything, essential to your continuing career as one of the elite in the country... This article, "the introduction to the world of hacking", is meant to help you by telling you how not to get caught, what not to do on a computer system, what type of equipment you should know about now, and just a little on the history, past, present, future, of the hacker.
Welcome to the world of hacking! We, the people who live outside of the normal rules, and have been scorned and even arrested by those from the 'civilized world', are becoming scarcer every day. This is due to the greater fear of what a good hacker (skill wise, no moral judgements here) can do nowadays, thus causing anti-hacker sentiment in the masses. Also, few hackers seem to actually know about the computer systems they hack, or what equipment they will run into on the front end, or what they could do wrong on a system to alert the 'higher' authorities who monitor the system. This article is intended to tell you about some things not to do, even before you get on the system. I will tell you about the new wave of front end security devices that are beginning to be used on computers.
I will attempt to instill in you a second identity, to be brought up at time of great need, to pull you out of trouble. And, by the way, I take no, repeat, no, responsibility for what we say in this and the forthcoming articles.
Enough of the bullshit, on to the fun: after logging on your favorite bbs, you see on the high access board a phone number! It says it's a great system to "fuck around with!" This may be true, but how many other people are going to call the same number? So: try to avoid calling a number given to the public. This is because there are at least every other user calling, and how many other boards will that number spread to?
If you call a number far, far away, and you plan on going thru an extender or a re-seller, don't keep calling the same access number (i.e., as you would if you had a hacker running), this looks very suspicious and can make life miserable when the phone bill comes in the mail. Most cities have a variety of access numbers and services, so use as many as you can. Never trust a change in the system... The 414's, the assholes, were caught for this reason: when one of them connected to the system, there was nothing good there. The next time, there was a trek game stuck right in their way! They proceeded to play said game for two, say two and a half hours, while Telenet was tracing them! Nice job, don't you think? If anything looks suspicious, drop the line immediately!! As in, yesterday!! The point we're trying to get across is: if you use a little common sense, you won't get busted. Let the little kids who aren't smart enough to recognize a trap get busted, it will take the heat off of the real hackers. Now, let's say you get on a computer system... It looks great, checks out, everything seems fine.
Ok, now is when it gets more dangerous. You have to know the computer system to know what not to do. Basically, keep away from any command something, copy a new file into the account, or whatever! Always leave the account in the same status you logged in with. Change *nothing*... If it isn't an account with priv's, then don't try any commands that require them! All, yes all, systems are going to be keeping log files of what users are doing, and that will show up. It is just like dropping a trouble-card in an ESS system, after sending that nice operator a pretty tone. Spend no excessive amounts of time on the account in one stretch. Keep your calling to the very late night if possible, or during business hours (believe it or not!). It so happens that there are more users on during business hours, and it is very difficult to read a log file with 60 users doing many commands every minute.
Try to avoid systems where everyone knows each other, don't try to bluff. And above all: never act like you own the system, or are the best there is. They always grab the people whose heads swell... There is some very interesting front end equipment around nowadays, but first let's define terms... By front end, we mean any device that you must pass thru to get at the real computer. There are devices that are made to defeat hacker programs, and just plain old multiplexers.
To defeat hacker programs, there are now devices that pick up the phone and just sit there... This means that your device gets no carrier, thus you think there isn't a computer on the other end. The only way around it is to detect when it was picked up. If it picks up after the same number ring, then you know it is a hacker-defeater. These devices take a multi-digit code to let you into the system. Some are, in fact, quite sophisticated to the point where it will also limit the user names down, so only one name or set of names can be valid logins after they input the code... Other devices input a number code, and then they dial back a pre-programmed number for that code. These systems are best to leave alone, because they know someone is playing with their phone. You may think "but I'll just reprogram the dial-back." Think again, how stupid that is... Then they have your number, or a test loop if you were just a little smarter. If it's your number, they have your balls (if male...), if it's a loop, then you are screwed again, since those loops are *monitored*. As for multiplexers... What a plexer is supposed to do is this:
The system can accept multiple users. We have to time share, so we'll let the front-end processor do it... Well, this is what a multiplexer does. Usually they will ask for something like "enter class" or "line:". Usually it is programmed for a double digit number, or a four to five letter word. There are usually a few sets of numbers it accepts, but those numbers also set your 300/1200/2400 baud data type. These multiplexers are inconvenient at best, so not to worry. A little about the history of hacking: hacking, by my definition, means a great knowledge of some special area. Doctors and lawyers are hackers of a sort, by this definition. But most often, it is being used in the computer context, and thus we have a definition of "anyone who has a great amount of computer or telecommunications knowledge." You are not a hacker because you have a list of codes... Hacking, by my definition, has then been around only about 15 years. It started, where else but, MIT and colleges where they had computer science or electrical engineering departments.
Hackers have created some of the best computer languages, the most awesome operating systems, and even gone on to make millions. Hacking used to have a good name, when we could honestly say "we know what we are doing". Now it means (in the public eye): the 414's, Ron Austin, the NASA hackers, the ARPANET hackers...
All the people who have been caught, have done damage, and are now going to have to face fines and sentences. Thus we come past the moralistic crap, and to our purpose: educate the hacker community, return to the days when people actually knew something...


Basic Hacking Tutorial I


Hacking Tutorial Courtesy of the Jolly Roger

What is hacking?
According to popular belief, the terms hacker and hacking were founded at MIT. They come from the root of a hack writer, someone who keeps "hacking" at the typewriter until he finishes the story. A computer hacker would be hacking at the keyboard or password works.

What you need:
To hack you need a computer equipped with a modem (a device that lets you transmit data over phone lines) which should cost you from $100 to $1200.

How do you hack?
Hacking requires two things:
1. The phone number
2. Answer to identity elements

How do you find the phone #?
There are three basic ways to find a computer's phone number.
1. Scanning
2. Directory
3. Inside info

What is scanning?
Scanning is the process of having a computer search for a carrier tone. For example, the computer would start at (800) 111-1111 and wait for a carrier; if there is none, it will go on to 111-1112, etc. If there is a carrier, it will record it for future use and continue looking for more.
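
Seen from the receiving end, the sequential dialing described above leaves a recognisable pattern in call records. The following Python detection sketch is an added example, not part of the original tutorial; the record layout, phone numbers and thresholds are assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed inbound call records: ISO timestamp, caller, dialed number, seconds connected.
SAMPLE_CDR = """\
2009-06-02T01:00:05,2125550147,4155550120,4
2009-06-02T01:00:40,2125550147,4155550121,3
2009-06-02T01:01:15,2125550147,4155550122,31
2009-06-02T01:01:50,2125550147,4155550123,4
2009-06-02T01:02:25,2125550147,4155550124,3
2009-06-02T09:14:00,3105550199,4155550122,240
2009-06-02T09:30:00,3105550199,4155550150,95
2009-06-02T10:02:00,6465550111,4155550123,12
"""

def longest_sequential_run(numbers):
    """Length of the longest run in which each number is the previous one plus 1."""
    best = run = 1 if numbers else 0
    for prev, cur in zip(numbers, numbers[1:]):
        run = run + 1 if cur == prev + 1 else 1
        best = max(best, run)
    return best

def find_scanners(cdr_text, min_run=4, answer_secs=20):
    """Flag callers that sweep through min_run or more consecutive numbers.

    For each flagged caller, also list the dialed lines that stayed connected
    for answer_secs or longer (an assumed threshold): those lines answered and
    held the call, so they are the ones to review for an attached modem.
    """
    calls_by_caller = defaultdict(list)
    for line in cdr_text.strip().splitlines():
        ts, caller, dialed, secs = line.split(",")
        calls_by_caller[caller].append((ts, int(dialed), int(secs)))
    flagged = {}
    for caller, calls in calls_by_caller.items():
        calls.sort()  # ISO timestamps sort chronologically
        run = longest_sequential_run([dialed for _, dialed, _ in calls])
        if run >= min_run:
            held = [dialed for _, dialed, secs in calls if secs >= answer_secs]
            flagged[caller] = {"run": run, "held": held}
    return flagged

if __name__ == "__main__":
    print(find_scanners(SAMPLE_CDR))
```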

What is directory assistance?
This way can only be used if you know where your target computer is. For this example say it is in Menlo Park, CA and the company name is SRI.
1. Dial 411 (or 415-555-1212)
2. Say "Menlo Park"
3. Say "SRI"
4. Write down number
5. Ask if there are any more numbers
6. If so write them down.
7. Hang up on operator
8. Dial all numbers you were given
9. Listen for carrier tone
10. If you hear carrier tone write down number, call it on your modem and you're set to hack!
