How to get plain string passwords from hash file? [closed]
I used samdump2 to extract hashes from the SAM and SYSTEM files. Here is what I got as the result in a text file:
```
*disabled* Administrator:500:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
*disabled* Guest:501:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
*disabled* :503:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
*disabled* :504:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
abc:1001:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
*disabled* :1009:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
:1020:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
```
I have the hashes but I have no idea how to extract plain text passwords from these hashes. I have read some articles like this one: https://www.onlinehashcrack.com/how-to-extract-hashes-crack-windows-passwords.php
Online Hash Crack has this system to crack hashes online, but somehow it didn't work; maybe I don't know the correct way to crack the hashes. So how can I extract plain string passwords from these hashes? By the way, the Windows installation from which these SAM and SYSTEM files were taken has two local users.
Required files (just in case): https://drive.google.com/drive/folders/1txBB1OGcwPyLiKLXGdZPmSOJu0kZT0v-?usp=sharing
Solution 1:[1]
You can use John the Ripper to crack the hashes. It will be much more stable and fast, and John the Ripper can optionally use GPU power.
First of all, you should save the hash information in a text file. Then you can start the process you want with a command like the following.
```
john --format=NT --rules -w=/usr/share/wordlists/rockyou.txt hashfile.txt
```
If you want more detailed information, I recommend reading the blog post below.
https://medium.com/secstudent/using-john-the-ripper-with-lm-hashes-f757bd4fb094
One last thing: I am providing this information purely for educational purposes. If these hashes are not hashes of a system that belongs to you, you have definitely committed a crime, and I recommend that you perform this operation only for educational purposes on your own systems.
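Added example, not part of the question or the answer: every line of the dump in the question carries the same two values, which are the well-known LM and NT hashes of an empty string, so these lines contain no password for any cracking tool to recover. The Python check below parses samdump2/pwdump-style lines and reports which accounts carry those values; the names `parse_dump` and `enabled_with_blank_nt` are this example's own.

```python
import re
from typing import NamedTuple

# Well-known constants: the LM and NT hashes of an empty string.
EMPTY_LM = "aad3b435b51404eeaad3b435b51404ee"
EMPTY_NT = "31d6cfe0d16ae931b73c59d7e0c089c0"
# pwdump-style line: [*disabled* ]user:rid:lm:nt:::
LINE_RE = re.compile(
    r"^(?P<dis>\*disabled\*\s+)?(?P<user>[^:]*):(?P<rid>\d+):"
    r"(?P<lm>[0-9a-fA-F]{32}):(?P<nt>[0-9a-fA-F]{32}):::$"
)

class Account(NamedTuple):
    user: str
    rid: int
    disabled: bool
    lm_stored: bool  # False when the LM field is only the empty-string value
    nt_blank: bool   # True when the NT field is the hash of an empty string

def parse_dump(text):
    """Parse samdump2/pwdump-style output; lines that do not match are skipped."""
    accounts = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            accounts.append(Account(
                user=m["user"], rid=int(m["rid"]), disabled=bool(m["dis"]),
                lm_stored=m["lm"].lower() != EMPTY_LM,
                nt_blank=m["nt"].lower() == EMPTY_NT,
            ))
    return accounts

def enabled_with_blank_nt(accounts):
    """Accounts an auditor should flag: enabled, with the empty-string NT value."""
    return [a for a in accounts if a.nt_blank and not a.disabled]

# Sample input: the seven lines posted in the question above.
SAMPLE = """\
*disabled* Administrator:500:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
*disabled* Guest:501:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
*disabled* :503:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
*disabled* :504:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
abc:1001:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
*disabled* :1009:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
:1020:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
"""

if __name__ == "__main__":
    for a in parse_dump(SAMPLE):
        print(a)
```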
Sources
This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.
Source: Stack Overflow
| Solution | Source |
|---|---|
| Solution 1 | Kyylee |
