How To Crack Passwords
Written by Darren Miller   
Tuesday, 04 April 2006

Windows Password Cracking

When we returned to our office, we imported all the user account information into a distributed password cracking system (multiple servers performing password cracking at the same time). Within approximately 30 minutes we had cracked 70% of the account passwords. The remaining accounts took approximately two days.

An example of what this Windows account information looks like is:

jdoe:1152:A5C67174B2A219D1

The jdoe account's password is represented by its hashed equivalent, "A5C67174B2A219D1". This string of numbers and letters, when deciphered, is "CrackMe". You can test this with the tool I am going to introduce you to in the next section of this article. Without going into all the technical details about how the cracking takes place, this type of deciphering is basically done by hashing candidate passwords, over many iterations, until one produces a match for the stored hash. When you take the word "CrackMe" and hash it, it produces the string of numbers and letters (A5C67174B2A219D1). So what you are really doing is matching that string, then making the assumption that the human-readable version is "CrackMe".
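Because the stored value is only ever compared, never decrypted, an administrator can use the same matching step to audit an account export: identical hashes reveal shared passwords, and a hash equal to one whose plaintext is already known reveals that password outright. The sketch below is an added example, not code from the original article; it assumes the `user:id:hash` layout shown above, and apart from jdoe's line every account, the function names and the `KNOWN_WEAK` table are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample export in the page's user:id:hash layout. Only jdoe's
# line and its hash come from the article; the other rows are made up.
SAMPLE_EXPORT = """\
jdoe:1152:A5C67174B2A219D1
asmith:1153:a5c67174b2a219d1
svc_backup:1154:0F1E2D3C4B5A6978
broken-line-without-fields
mlee:1155:NOTHEX
"""

# Hash -> plaintext pairs already known to the auditor. The single entry is
# the pair the article states; a real audit would load its own deny-list.
KNOWN_WEAK = {"A5C67174B2A219D1": "CrackMe"}

LINE_RE = re.compile(r"^([^:\s]+):(\d+):([0-9A-Fa-f]{16})$")


def parse_export(text):
    """Return (accounts, rejected): accounts is a list of (user, id, HASH)."""
    accounts, rejected = [], []
    for line in filter(None, map(str.strip, text.splitlines())):
        m = LINE_RE.match(line)
        if m:
            accounts.append((m.group(1), int(m.group(2)), m.group(3).upper()))
        else:
            rejected.append(line)  # keep malformed rows for manual review
    return accounts, rejected


def audit(text, known_weak=KNOWN_WEAK):
    """Flag accounts exposed by plain hash comparison, without any guessing."""
    accounts, rejected = parse_export(text)
    by_hash = defaultdict(list)
    for user, _id, digest in accounts:
        by_hash[digest].append(user)
    # Same hash on two accounts means same password: the hash is unsalted.
    shared = {h: sorted(u) for h, u in by_hash.items() if len(u) > 1}
    # A stored hash equal to a known weak hash reveals that password outright.
    weak = {u: known_weak[h] for h, users in by_hash.items()
            if h in known_weak for u in users}
    return {"shared": shared, "weak": weak, "rejected": rejected}


if __name__ == "__main__":
    print(audit(SAMPLE_EXPORT))
```

Accounts reported under `shared` or `weak` are the ones to force a password change on first.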

How To Generate Password Hashes

First and foremost I must warn you that the tool I am going to point you to is very powerful and could cause you problems if you are not careful with it. You must agree to hold me harmless if in fact you decide to download and use this tool. This tool, called Cain & Abel, is the Swiss Army knife of cracking and does a lot more than just that.

Once it is installed on your system, you can go to the "Tools" menu and choose "Hash Calculator". In the "Text to Hash" box, type "CrackMe" without the quotation marks and hit calculate. Look at the Type "LM" and you will see the hash from above, "A5C67174B2A219D1".

This tool is a great password cracking program and we use it quite regularly. And as I said, it does a lot more than just cracking, so be careful with it.

Conclusion

As I stated in the beginning of this article, there are many ways to obtain account information and many more ways to decipher it. In this case, we physically walked out of an office building with everything we needed. Shortly after cracking all the accounts we were able to use their remote access system to gain entry into their internal network as an administrator. There are also ways of capturing user account information using man-in-the-middle attack techniques, remote social engineering, and phishing just to name a few.

The bottom line is, make your passwords complex, and change them as often as you can.

About The Author

Darren Miller is an Information Security Consultant with over sixteen years' experience. He has written many technology & security articles, some of which have been published in nationally circulated magazines & periodicals.



 

Copyright © 2006 DigitalGrabber.com | All Rights Reserved | All trademarks used are properties of their respective owners.
