Offline Password Cracking (using fgdump and Ophcrack)
Pwdump is a program that outputs the password hashes of local user accounts from the Security Account Manager (SAM). To work, it must be run under an Administrator account, i.e. a user with full privileges. Pwdump could allow a malicious administrator to access users' passwords.
There are different flavors of Pwdump.
1. pwdump
2. pwdump2
3. pwdump3
4. pwdump4
5. pwdump5
6. pwdump6
7. pwdump7
8. fgdump (an advancement of pwdump6)
Ophcrack is a program that cracks Windows passwords using the hash values obtained from the output of pwdump or directly from the SAM file. Ophcrack can crack most passwords within a few minutes.
Requirements for Test Lab
1) 1 attacker PC (Linux)
2) 1 target PC (Windows)
Step 1: Execute fgdump.exe on the target PC (Windows machine) from the command line:
Start > Run > cmd > cd Desktop
(change directory to the location where the fgdump.exe is saved)
Type fgdump.exe (to execute the exe file)
Fig -1
Output:
This step produces a PWDUMP file named 127.0.0.1 on the Desktop. The file contains the password hashes of all the users.
Step 2: Install Ophcrack on the attacker PC (Linux)
> sudo -s (to get root privileges)
> apt-get install ophcrack
Fig -2
Step 3: Start Ophcrack. Type the command ophcrack in the terminal to open Ophcrack in GUI mode.
Fig -3
Step 4: Install the rainbow tables (these are precomputed tables containing the hashed output of all the passwords of a Windows system)
Fig -4
Step 5: Load the PWDUMP file into Ophcrack (i.e. the 127.0.0.1 PWDUMP file, the output of step 1)
Fig -5
Step 6: Crack the hashes. Click on the Crack tab.
This step yields the passwords of all the users of the target PC.