I previously demonstrated Ophcrack, a Windows password cracker that uses pre-computed hashes to match the password hash from the target machine's dumped SAM table. Password reset, as the name suggests, substitutes the password hash from the target machine's dumped SAM table so that you can stipulate the password that you wish to use.
My weapon of choice for password reset is Offline NT Password & Registry Editor. The tool's name is misleading, as it supports newer OSs like XP and Vista. You can burn it to a bootable CD or utilize a boot disk. In my demo, I boot the target machine off a CD. I follow the tool's instructions before specifying a blank password. Once the new password is saved, I am able to enter the target system using a blank password.
The high res version of this demo can be downloaded here.
Each method has its pros and cons. Password cracking is time-consuming but does not alert the administrator, as the system password remains unchanged. Password reset is fast but is too obvious when the administrator cannot log into his system.