HomeCalendarCertificationsColumnsFeaturesForumResourcesVitals
 
Image
 
linkedin_logo.png rss_logo.jpg
twitter_logo.png youtube_logo.jpg
Latest Additions
 
EH-Net Login
Welcome Guest.
Lost Password?
No account yet? Register
Who's Online
We have 31 guests online
 
Advertisement

You are here: Home arrow Ethical Hacking Discussions and Related Certificationsarrow Otherarrow NT Hash Decode
EH-Net
May 21, 2013, 05:54:37 PM *
Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
News: Go back to The Ethical Hacker Network Online Magazine Home Page
 
   Home   Help Calendar Login Register  
Pages: [1]   Go Down
« previous next »
  Print  
Author Topic: NT Hash Decode  (Read 9687 times)
0 Members and 1 Guest are viewing this topic.
Clueless
Guest
« on: April 19, 2010, 12:06:42 PM »
Help!  I am at my wits end.  Can anyone decode this NT hash for my wifes computer, I screwed up the password, and can't get back in.  She has all here photos stored on this computer, and I don't want to be responsible for loosing them.  I tried OPHCRACK live CD with the free tables, with no success, system is Vista.

NT hash = 7883959c919eafeb76f893f4f9426929

Any help would be greatly appreciated
Logged
UNIX
Hero Member
*****
Offline Offline

Posts: 1235


View Profile
« Reply #1 on: April 19, 2010, 12:49:44 PM »
May I ask how you screwed it up? Just curious. Smiley
Logged
Clueless
Guest
« Reply #2 on: April 19, 2010, 01:48:46 PM »
Decided to reset her password as a joke, after having had a few too many, must have made a typo, now I can't logon, no admin account - in deep crap.
Logged
pizza1337
Full Member
***
Offline Offline

Posts: 156

Resource is Power.


View Profile
« Reply #3 on: April 19, 2010, 02:39:15 PM »
anyone else think its fishy?

><}}}'>
Logged
Knowledge Resource is Power.
ziggy_567
Sr. Member
****
Offline Offline

Posts: 361


View Profile
« Reply #4 on: April 19, 2010, 02:42:15 PM »
Whether or not its fishy...Clueless would be the most able to crack the hash since he probably has "some" idea of what the password would be. If anyone else were to crack it, it would ultimately become a brute force attempt.
Logged
--
Ziggy


eCPPT - GSEC - GCIH - GCUX - RHCE - SCSecA - Security+ - Network+
n1p
Jr. Member
**
Offline Offline

Posts: 89


View Profile WWW
« Reply #5 on: April 19, 2010, 03:15:13 PM »
Yes, I second that. You will roughly have the character length and possible variations. You obviously entered the pass twice to change it, so you cant be that far wrong. With this in mind you can significantly reduce the required searchable keyspace. So stick with it...

You could also try having a few more beers and trying again. Might get lucky... or unlucky
Logged
chrisj
Hero Member
*****
Offline Offline

Posts: 1163


View Profile WWW
« Reply #6 on: April 19, 2010, 08:45:57 PM »
really, don't need to crack it. if you have physical access to the computer there are tools out there that let you reset windows passwords. I use TRK (Trinity Rescue Kit) at work, and have yet to lose data.
Logged
OSWP, Sec+
ajohnson
Recruiters
Hero Member
*
Offline Offline

Posts: 1057


aka dynamik


View Profile WWW
« Reply #7 on: April 19, 2010, 10:57:17 PM »
There's not another administrator account on the machine where you can just reset it?

As mentioned earlier, there are utilities, such as konboot, that can reset passwords.

You might want to hold off on either method if she was using EFS though.
Logged
WIP: GCFA | www.infosiege.net | @infosiege

The day you stop learning is the day you start becoming obsolete.
j0rDy
Hero Member
*****
Offline Offline

Posts: 590


View Profile
« Reply #8 on: April 20, 2010, 03:24:18 AM »
no need to crack it. people tend to underestimate the power of physical access to the machine. there are plenty of tools (mostly linux based) that can boot as a live CD and reset the current password to whatever you want (even null) this is the easiest and most efficient way of resetting the password. Giving the fact you changed it to something random i'd say there is no need to crack it to find out what the password was. Good Luck!
Logged
ISC2 Associate, CEH, ECSA, OSCP, OSWP

earning my stripes appears to be a road i must travel alone...with a little help of EH.net
DavidW
Newbie
*
Offline Offline

Posts: 21


View Profile
« Reply #9 on: April 21, 2010, 12:32:36 PM »
With this being your wife's computer and the fact that you have physical access to it, as a last resort if you can't reset the password so you can gain access you could remove the hard drive from her computer and connect it to another.  Once you boot the computer you would just copy the contents over from one hard drive to another and then format, reload and then copy the backed up data over to her computer again.  If this is a laptop you would need a device to connect the hard drive to another system but this would be no problem with a PC.  Before you go that route though what OS is your wife's computer running?  Once that is answered I will have more suggestions to try.
Logged
A+, Security+, MCP, MCSA:Security - Server 2003, MCSE:Security - Server 2003, MCTS,  MCITP: Enterprise Support Technician, MCITP: Server Administrator

Presently working on C|EH
ziggy_567
Sr. Member
****
Offline Offline

Posts: 361


View Profile
« Reply #10 on: April 21, 2010, 12:51:00 PM »
My guess would be Windows since he's asking about a NT Hash.
 Wink
Logged
--
Ziggy


eCPPT - GSEC - GCIH - GCUX - RHCE - SCSecA - Security+ - Network+
DavidW
Newbie
*
Offline Offline

Posts: 21


View Profile
« Reply #11 on: April 21, 2010, 02:01:45 PM »
I was assuming Windows as well and should have worded it as such I guess Smiley.  I should have just mentioned it in my previous post about trying to log on to XP using administrator as the log in with no password and not being able to use the administrator account in Windows Vista and 7 to try this since it is disabled by default.  If it helped that'd be less work he would have to do.  Just adding my two cents. Wink
Logged
A+, Security+, MCP, MCSA:Security - Server 2003, MCSE:Security - Server 2003, MCTS,  MCITP: Enterprise Support Technician, MCITP: Server Administrator

Presently working on C|EH
Marcos_NJ
Newbie
*
Offline Offline

Posts: 1


View Profile
« Reply #12 on: July 05, 2010, 03:12:30 PM »
I have the same problem only the PC is of a deceased person who worked for me.  I believe I have quite a bit of intellectual property on the machine and I'm only able to get on the pc and retreive specific contents.  The hard drive must be in tact and not placed in another computer for retreival.

I have all the MD5, NTLM, LM, SHA1 codes but all online tools return "Not Found"

I'm on a timetable here and really need to get this done.
Logged
hayabusa
Hero Member
*****
Offline Offline

Posts: 1632



View Profile
« Reply #13 on: July 05, 2010, 06:55:39 PM »
@Marcos_NJ - Boot the box to live Backtrack or Samurai cd / dvd, browse the drive(s) and get your data off of it...
Logged
~ hayabusa ~ 

"All men can see these tactics whereby I conquer, but what none can see is the strategy out of which victory is evolved." - Sun Tzu, 'The Art of War'

OSCE, OSCP , GPEN, C|EH
Pages: [1]   Go Up
  Print  
« previous next »
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.18 | SMF © 2013, Simple Machines
Joomla Bridge by JoomlaHacks.com 		Valid XHTML 1.0! Valid CSS!
Page created in 0.065 seconds with 23 queries.
 
Exclusive Deal

sansfire13_245x90_cw90.jpg
SANSFIRE 2013
June 15 - 22

5% Off w/ Code: EHN_5

SANS Deals 4 EH-Netters
5% OFF Any SANS Course in Any Format!
Coupon Code: EHN_5 Including SANS Rocky Mountain 2013 & SANS Boston 2013
Polls
Compared to this year, 2013 will be:
 
Recent Forum Topics
EH-Net News Feeds
Latest Additions
 
         
Free Business and Tech Magazines and eBooks

© 2013 The Ethical Hacker Network
Joomla! is Free Software released under the GNU/GPL License.