Feb 08

Online Hash Crack

Password Recovery

If the password is 7 characters or less, then the second half of the LM hash is always:

  1. 0xAAD3B435B51404EE
  2. 0xAAD3B435B51404AA
  3. 0xAAD3B435B51404BB
  4. 0xAAD3B435B51404CC

LM hash is used as a method to store passwords within the Windows operating system in an encrypted manner. When the password is less than 15 characters long, both the LM hash and the NTLM hash are generated and stored in the local SAM database or in Active Directory. LM, or LAN Manager, hashes are weaker and are used in all versions of Microsoft Windows prior to Vista. Creation of the LM hash:

  1. Convert the entire password to uppercase.
  2. If the length of the password is less than 14 bytes, it is padded with NULL bytes to make it 14 bytes long.
  3. The password is split into two parts of 7 bytes each.
  4. Each part is processed with the DES encryption algorithm.
  5. DES produces an 8-byte encrypted hash from each half of the padded password, and the two are joined together to create a 16-byte hash.
  6. This hash is the LM hash that is stored in the SAM database.

If the password is 7 characters or fewer, the second half of the hash will always be AAD3B435B51404EE.
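As an added example (not code from the original post), this Python sketch audits pwdump-style lines (`user:rid:LM:NT:::`, an assumed input format) and uses the constant half `AAD3B435B51404EE` to flag accounts that still have an LM hash stored, and which of those have a password of 7 characters or fewer. Account names, hash values and function names are constructed for illustration.

```python
# Added example: audit pwdump-style lines for stored LM hashes.
# All account names and hash values below are constructed sample data.
EMPTY_HALF = "AAD3B435B51404EE"  # LM half produced by 7 NULL bytes (value from the page)

SAMPLE_DUMP = """\
alice:1001:0123456789ABCDEFAAD3B435B51404EE:00112233445566778899AABBCCDDEEFF:::
bob:1002:0123456789ABCDEFFEDCBA9876543210:FFEEDDCCBBAA99887766554433221100:::
carol:1003:AAD3B435B51404EEAAD3B435B51404EE:0F1E2D3C4B5A69788796A5B4C3D2E1F0:::
dave:1004:NO PASSWORD*********************:0F1E2D3C4B5A69788796A5B4C3D2E1F0:::
broken line without enough fields
"""

def classify_lm(lm_field):
    """Return a finding for the LM field of one user:rid:lm:nt::: line."""
    lm = lm_field.strip().upper()
    if len(lm) != 32 or any(c not in "0123456789ABCDEF" for c in lm):
        return "no-lm-hash"        # placeholder text instead of a hash
    first, second = lm[:16], lm[16:]
    if first == EMPTY_HALF and second == EMPTY_HALF:
        return "no-lm-hash"        # both halves are the all-NULL value
    if second == EMPTY_HALF:
        return "lm-stored-short"   # password is 7 characters or fewer
    return "lm-stored"             # 8 to 14 characters, LM hash still present

def audit(dump_text):
    """Map each account name to its LM finding, skipping malformed lines."""
    findings = {}
    for line in dump_text.splitlines():
        fields = line.split(":")
        if len(fields) < 4:
            continue
        findings[fields[0]] = classify_lm(fields[2])
    return findings

def needs_reset(findings):
    """Accounts whose password should be changed once LM storage is disabled."""
    return sorted(u for u, f in findings.items() if f.startswith("lm-stored"))

if __name__ == "__main__":
    for user, finding in audit(SAMPLE_DUMP).items():
        print(f"{user:8} {finding}")
```

Accounts reported as `lm-stored` or `lm-stored-short` keep their LM hash until the password is changed after LM hash storage has been turned off.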

Feb 01

Obtaining Windows Passwords 

In this example we use the BackTrack 5 Live CD, which can run an entire operating system from the CD and allows us to access and manipulate files on the hard drive.

John the Ripper is a password cracker that can also be used to break passwords on a local Windows machine; to do so, it requires access to the SAM and the system files. The Security Accounts Manager (SAM) is a vital component of how Windows stores passwords locally on the computer system. The SAM database is an integral part of the Windows Registry, which is a central hierarchical database that maintains configuration settings for applications, hardware devices, and users.

Registry Path              File Path

HKEY_LOCAL_MACHINE\SAM     %WINDIR%\system32\config\Sam

The HKEY_LOCAL_MACHINE hive contains a vast array of configuration information for the system, including hardware settings and software settings. Passwords in the SAM are stored in either LAN Manager (LM) hash or NT LAN Manager (NTLM) format, depending on the policies implemented. In this example we use two tools, bkhive and samdump2 (both present in BackTrack 5), to get the hashes off a Windows machine that is booted to the BackTrack 5 live DVD.

Perform the following steps :

  1. Boot the system up to the BackTrack 5 DVD.
  2. Type startx to bring up the GUI.
  3. In the terminal type the command fdisk -l to view the partitions. 
  4. Create a mount point. 
  5. Mount your Windows NTFS partition from BackTrack.
  6. Navigate to the config directory.
  7. In the terminal type ls to verify that system and SAM are present.
  8. Copy both the SAM and the SYSTEM files to the john directory.
  9. Type bkhive SYSTEM bootkey. 
  10. Type the following command to extract the hashes 
  11. Type the following command to view the hashes:  less winhashes.txt 
  12. Erase all of the accounts and corresponding hashes that you do not want: vi winhashes.txt (dd) to delete the entire row and ZZ to save and exit.
  13. Type the following command : ./john winhashes.txt .
  14. I got the password culia.

DAD APOLOGIZES!!!!!!!


Jan 30

The jealous man is like that. He takes pleasure in making himself suffer. He feeds his anguish by always looking for new clues, multiplying his investigations, formulating ever more absurd hypotheses.

Anonymous: Hey friend, I have a problem!!!!!!!

Me: Tell me everything!! I'm at your disposal.

Anonymous: Not knowing is killing me. Every time I go near my girlfriend's PC she gets nervous and irritable. I'm sure she is hiding something from me; she keeps changing the login password for the computer, as if she were afraid I might catch it when she types it quickly on the keyboard!!!

Me: Another one of your mental ramblings!!! I've had more than enough of such nonsense!!!!!

Anonymous: What!!!!!!!

Me: Never mind, how can I help you!? (I think: unauthorized access to a computer or telecommunications system (art. 615 ter of the Criminal Code))

Anonymous: Would there be a way to get into the personal folders on my girlfriend's PC without knowing the password?

Me: Have you gone crazy!!!! OK!!! But first let me tell you one thing:

My recommendation is for you to set up a test lab at home where you can practice these concepts and skills. You can use these skills when you have the legal and written permissions of the person you are assisting!!!! (ahahah!!!!)



Jan 26
Thesis: moralists appear in the epochs when morality is coming to an end.
Thesis: the moralist is a dissolver of the moral instincts, however much he believes himself to be their restorer.
Thesis: what actually drives the moralist is not the moral instincts but the instincts of decadence translated into the formulas of morality; the moralist feels the uncertainty of the instincts as corruption………..
Friedrich Nietzsche, The Will to Power
