Tuesday, December 14, 2004

Cracking Windows passwords for free

I just sent the following to the pen-test mailing list, and I thought I should post it here for others to find as well. Someone on the list had asked whether it was possible to replicate LC5's functionality for free. Of course it is!

You can replicate most of the functionality (if not the ease of use) of LC5 with open-source tools. For capturing hashes from remote registries, use pwdump3. Once you've got the hashes, feed them into John the Ripper to crack them. If you prefer, you can also use Rainbow Crack to recover the passwords more quickly, although this requires substantial pre-computation and a lot of storage space.

I've managed to get all of the above running under Linux. John and Rainbow Crack are native Unix applications (Windows versions also exist), and pwdump3 is simple enough to run well under Wine.
