
Cracking Windows 10 passwords

Creating the passwords

Time to continue our tour of the basic Windows cracking techniques. Let's repeat the initial procedures explained in the previous post, but this time under Windows 10. Start by creating a few accounts, and please use exactly these passwords:

net user test1 9#Yo~3 /add
net user test2 [1aZ4~ /add
net user test3 õç2}5$ /add
net user test4 7%hª5b /add
net user test5 9Ayo7Bz /add
net user test6 G85pdDL /add
net user test7 Ã49ÇaõF /add
net user test8 3É6Óêph /add
net user test9 3b567gh0 /add
net user test10 77xpy6vh /add
net user test11 4ã8ç6ê7õ /add
net user test12 56é2à4óç /add

Install CAIN and Win10Pcap (http://www.win10pcap.org/download/).

Try the dictionary attack using all three wordlist files previously used.

No luck? Try Ophcrack.

The Live CD is unable to load the Windows 10 hashes!

Solution? Dump the hashes using another program.

Cracking Windows Passwords

Creating passwords to crack

You’ll need a Windows machine (real or virtual) with administrator access. It can run any version of Windows, XP or later, except Windows 10. If you want to use Windows Server 20xx, you’ll need to disable the "Password must meet complexity requirements" policy.

Click Start, type in CMD and press Shift+Ctrl+Enter.

If a "User Account Control" box appears, click Yes.

In the Administrator Command Prompt window, execute these commands:

net user test1 abc /add
net user test2 abcde /add
net user test3 password /add
net user test4 entrincheirado /add
net user test5 Pa$$w0rd /add
 

Those commands create five new system users.
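
An added example (not from the original post): a simplified Python version of the "Password must meet complexity requirements" rule, run against the five lab passwords above. It shows why test1 to test4 need the policy disabled on Windows Server, and that Pa$$w0rd passes the rule even though it is a well-known weak password. The function names are hypothetical, the Unicode category mapping is an approximation, and the display-name and minimum-length rules are not modelled.

```python
import unicodedata

# Characters the policy counts as "special", as listed in Microsoft's documentation.
SPECIALS = set("~!@#$%^&*_-+=`|\\(){}[]:;\"'<>,.?/")


def categories(password):
    """Return the complexity categories present in the password."""
    found = set()
    for ch in password:
        if ch in "0123456789":
            found.add("digit")
        elif ch in SPECIALS:
            found.add("special")
        elif unicodedata.category(ch) == "Lu":  # approximation of "uppercase letters"
            found.add("upper")
        elif unicodedata.category(ch) == "Ll":  # approximation of "lowercase letters"
            found.add("lower")
        elif ch.isalpha():  # alphabetic, but neither upper nor lower case
            found.add("other_alpha")
    return found


def meets_complexity(account, password):
    """True if the password passes this simplified complexity rule."""
    # Account-name rule: case-insensitive, skipped for names under three characters.
    if len(account) >= 3 and account.lower() in password.lower():
        return False
    # At least three of the five character categories must be present.
    return len(categories(password)) >= 3


# The five lab accounts created by the commands above.
LAB_ACCOUNTS = {
    "test1": "abc",
    "test2": "abcde",
    "test3": "password",
    "test4": "entrincheirado",
    "test5": "Pa$$w0rd",
}


def audit(accounts):
    """Map each account name to whether its password passes the rule."""
    return {name: meets_complexity(name, pw) for name, pw in accounts.items()}


if __name__ == "__main__":
    for name, ok in audit(LAB_ACCOUNTS).items():
        print(f"{name}: {'accepted' if ok else 'rejected'} by the complexity rule")
```

A password that passes this rule can still sit in every common wordlist, which is why complexity checks are usually paired with a banned-password list.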

Downloading and installing Cain & Abel

Open a browser and go to http://www.oxid.it/cain.html

Scroll down and click "Download Cain & Abel v4.9.56 for Windows NT/2000/XP".

Save the installer on your PC.

Double-click the installer. Install the software with the default options.

NOTE: Cain & Abel will be detected as malware by your virus scanner. You will need to allow it to install, which is pretty easy if you use Microsoft Security Essentials or Defender. If you don't want to install it on your real machine, use a VM.

The installer will also ask to install WinPCap. In order to guarantee full functionality and stability, install it too.

Sniffing for Passwords with Wireshark

Installing the Wireshark Packet Sniffer

What you need for this task:
  • A computer with Internet access. You need administrator privileges.
  • I wrote the instructions with Windows 7.

Open a Web browser and go to WireShark.org.

Download and install the latest version of Wireshark. The installer will also install WinPCap.

Reboot the machine to load the WinPCap driver.

Note: If you have problems with WinPCap under Windows 10, get the driver from http://www.win10pcap.org/

Starting a Packet Capture


Start Wireshark.

In the Capture menu, select Options.

Make sure your interfaces are in promiscuous mode. Press Manage Interfaces.
