Type in CMD and press Shift+Ctrl+Enter.
If a "User Account Control" box pops up, click Yes.
In the Administrator command prompt window, execute this command:
net user jose password /add
Download Cain & Abel for Windows NT/2000/XP. Install it with the default options.
Troubleshooting
If that page is blocked, which it is on many college campuses, you can get a version of Cain from my Website here: http://samsclass.info/123/proj10/ca_setup.7z
It's a password-protected 7-Zip archive. The password is sam
If you don't have 7-zip, get it here:
If a "User Account Control" box pops up, click Yes.
In Cain, on the upper set of tabs, click Cracker.
In Cain, move the mouse to the center of the window, over the empty white space.
Right-click and click "Add to list...".
In the "Add NT Hashes from" box, accept the default selections and click Next.
The password hashes appear, as shown below.
There are two password hashes: LM Hashes and NT hashes.
LM hashes are very old and so weak even Microsoft has finally stopped using them by default in all Windows versions after Windows XP.
NT hashes are Microsoft's "more secure" hash, used by Windows NT in 1993 and never updated in any way. As you will see, these hashes are also very weak and easily cracked, compared with Linux password hashes.
Cracking four Linux hashes took about 20 seconds using a dictionary of 500 words when I did it, but as you will see, you can crack four Windows passwords using a dictionary of 500,000 words in about a second. Windows password hashes are more than 10,000 times weaker than Linux hashes.
Notice that your NT password hash starts with 8846, just like mine. This is because Microsoft doesn't salt hashes--every user on every Windows machine on Earth has the same hash if they are using a password of password.
That means you can often crack Windows password hashes by just Googling them, because many lists of common passwords and hashes have been uploaded to the Internet over the last 20 years.
However, we'll use hashcat, which is a very powerful way to crack passwords.
Open the win1.lc file in Notepad.
Carefully highlight the NT hash for Jose, as shown below, right-click it, and click Copy.
nano win1.hash
In the nano window, from the menu bar at the top, click Edit, Paste.
The hash appears, as shown below:
Press Ctrl+X, Y, Enter to save the file.
In a Terminal window, execute these commands:
curl http://contest-2010.korelogic.com/wordlists/RockYou-MostPopular500000PassesLetters_less50000.dic.gz > rock.dic.gz
gunzip rock.dic.gz
head rock.dic
You should see the first ten passwords, as shown below:
Troubleshooting
If that server is down, use these commands instead:
curl https://samsclass.info/123/proj10/RockYou-MostPopular500000PassesLetters_less50000.dic.gz > rock.dic.gz
gunzip rock.dic.gz
head rock.dic
In a Terminal window, execute these commands:
cd
mkdir hash
cd hash
wget https://hashcat.net/files_legacy/hashcat-2.00.7z
7z e hashcat-2.00.7z
./hashcat-cli32.bin -V
Troubleshooting
If that link doesn't work, use this one:
wget https://samsclass.info/123/proj10/hashcat-2.00.7z
cd
./hash/hashcat-cli32.bin -m 1000 -a 0 -o winpass1.txt --remove win1.hash rock.dic
Type YES and press the Enter key.
In a Terminal window, execute this command:
cat winpass1.txt
Explanation: This uses hashcat with these options:
You should see the hash, with the cracked password of "password" at the end, as shown below:
Click on the host machine's desktop, outside the virtual machine to make the host machine's desktop active.
Press the PrintScrn key to copy the whole desktop to the clipboard.
YOU MUST SUBMIT A FULL-SCREEN IMAGE FOR FULL CREDIT.
In the host machine, open Paint and paste in the captured image. Save it as "Your Name ProjX16a".
curl https://samsclass.info/123/proj10/win2.hash > win2.hash
cat win2.hash
You should see four password hashes, as shown below:
./hash/hashcat-cli32.bin -m 1000 -a 0 -o winpass2.txt --remove win2.hash rock.dic
Type YES and press the Enter key.
In a Terminal window, execute this command:
cat winpass2.txt
You should see the hashes, with the found passwords at the end of each line, as shown below. (I redacted the passwords.)
Click on the host machine's desktop, outside the virtual machine to make the host machine's desktop active.
Press the PrintScrn key to copy the whole desktop to the clipboard.
YOU MUST SUBMIT A FULL-SCREEN IMAGE FOR FULL CREDIT.
In the host machine, open Paint and paste in the captured image. Save it as "Your Name ProjX16b".