Puppy Linux Discussion Forum
All times are UTC - 4
Puppy Linux XP Password Cracker
Moderators: Flash, Ian, JohnMurga
ecomoney


Joined: 25 Nov 2005
Posts: 2183
Location: Lincolnshire, England

Posted: Fri 21 Dec 2007, 11:24    Post subject: Puppy Linux XP Password Cracker
Subject description: Use ophCrack with livecd
 

I'm thinking of more ways to get people to try puppy...

One of the main ways I've seen a virus or a hacker brick an XP computer is to change the login passwords. I get called out often to remove or change the passwords (I think windows password can be said to be more of an inconvenience than a security measure!). For this I use the ophCrack live cd, which is based on slax and 455mb big. This is basically a custom livecd distro with nothing but the cracking software preloaded. I've found it also boots on less computers than puppy, and it also doesn't recognise certain hard disks. Puppy does a lot better. I think the situation in which this cd would be used would be an ideal time for people to take their first look at puppy/linux, just when XP has failed on them! Using a puppy cd would also allow the client to view their files while xp was being cracked (it takes about 5 mins).

If someone were to create a puppy cd that included ophcrack, then I think it would create a lot better product (I'm a bit busy now what with everything, but would be happy to help test it and provide feedback).

_________________
Puppy Linux's Mission

Sorry, my server is down atm!
cthisbear

Joined: 29 Jan 2006
Posts: 3411
Location: Sydney Australia

Posted: Fri 21 Dec 2007, 18:18

" I've found it also boots on less computers than puppy, and it also doesn't recognise certain hard disks. "

Sometimes the older version released earlier this year boots and finds
the passwords better than the later ophCrack.
And yes sometimes it just stops.

Good idea ...............add a GUI as well.
Combine this with some Ultimate Boot CD features and what a cracker....literally....version of Puppy that would be.

Some of the " Ultimate" lads use Puppy as well.
And I am sure some of them lurk on this forum.

Rudy Puppy had extra tools as well?
///////////////////////////////////////////////////////
You do know about this don't you ecomoney.
Only works 4 XP Pro..........not XP home.
" 10. Keep your eye on the lower left hand side of the screen and when you see the Installing Devices progress bar,
press SHIFT + F10.
This is the security hole!
A command console will now open up giving you the potential for wide access to your system. "

>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

I Forgot My Administrator Password! by Vic Ferri

Can't Log On to Windows XP?

If that’s your only problem, then you probably have nothing to worry about.
As long as you have your Windows XP CD,
you can get back into your system using a simple but effective method made possible by a little known
access hole in Windows XP.

This method is easy enough for newbies to follow –
it doesn’t require using the Recovery Console or any complicated commands.
And it’s free - I mention that because you can pay two hundred dollars for an emergency download of
Winternals ERD with Locksmith which is a utility for unlocking lost Windows passwords.
See here http://www.winternals.com/products/repairandrecovery/locksmith.asp

ERD is an excellent multi purpose product, but you should know it is not a necessary one if you have a healthy system and your sole problem is the inability to logon to Windows due to a forgotten password. Not necessary because you can easily change or wipe out your Administrator password for free during a Windows XP Repair. Here’s how with a step-by-step description of the initial Repair process included for newbies.

1. Place your Windows XP CD in your cd-rom and start your computer (it’s assumed here that your XP CD is bootable – as it should be - and that you have your bios set to boot from CD)

2. Keep your eye on the screen messages for booting to your cd. Typically, it will be “Press any key to boot from cd”

3. Once you get in, the first screen will indicate that Setup is inspecting your system and loading files.

4. When you get to the Welcome to Setup screen, press ENTER to Setup Windows now

5. The Licensing Agreement comes next - Press F8 to accept it.

6. The next screen is the Setup screen which gives you the option to do a Repair.

It should read something like “If one of the following Windows XP installations is damaged, Setup can try to repair it”

Use the up and down arrow keys to select your XP installation (if you only have one, it should already be selected) and press R to begin the Repair process.

7. Let the Repair run. Setup will now check your disks and then start copying files which can take several minutes.

8. Shortly after the Copying Files stage, you will be required to reboot. (this will happen automatically – you will see a progress bar stating “Your computer will reboot in 15 seconds”)

9. During the reboot, do not make the mistake of “pressing any key” to boot from the CD again!
Setup will resume automatically with the standard billboard screens and you will notice Installing Windows
is highlighted.

10. Keep your eye on the lower left hand side of the screen and when you see the Installing Devices progress bar,
press SHIFT + F10.
This is the security hole!
A command console will now open up giving you the potential for wide access to your system.

11. At the prompt, type NUSRMGR.CPL and press Enter.
Voila! You have just gained graphical access to your User Accounts in the Control Panel.

12. Now simply pick the account you need to change and remove or change your password as you prefer.
If you want to log on without having to enter your new password,
you can type control userpasswords2 at the prompt and choose to log on without being asked for password.
After you’ve made your changes close the windows,
exit the command box and continue on with the Repair (have your Product key handy).

13. Once the Repair is done, you will be able to log on with your new password (or without a password if you chose not to use one or if you chose not to be asked for a password). Your programs and personalized settings should remain intact.

I tested the above on Windows XP Pro with and without SP1 and also used this method in a real situation
where someone could not remember their password and it worked like a charm to fix the problem.
This security hole allows access to more than just user accounts.
You can also access the Registry and Policy Editor, for example.
And it's gui access with mouse control. Of course,
a Product Key will be needed to continue with the Repair after making the changes,
but for anyone intent on gaining access to your system, this would be no problem.

And in case you are wondering, NO, you cannot cancel install after making the changes and expect to logon
with your new password.

Cancelling will just result in Setup resuming at bootup and your changes will be lost.

Ok, now that your logon problem is fixed, you should make a point to prevent it from ever happening again by creating a Password Reset Disk. This is a floppy disk you can use in the event you ever forget your log on password. It allows you to set a new password.

Here's how to create one if your computer is NOT on a domain:

* Go to the Control Panel and open up User Accounts.
* Choose your account (under Pick An Account to Change) and under Related Tasks,
click "Prevent a forgotten password".
* This will initiate a wizard.
* Click Next and then insert a blank formatted floppy disk into your A: drive.
* Click Next and enter your logon password in the password box.
* Click Next to begin the creation of your Password disk.
* Once completed, label and save the disk to a safe place

How to Log on to your PC Using Your Password Reset Disk

Start your computer and at the logon screen, click your user name and leave the password box blank or just type in anything. This will bring up a Logon Failure box and you will then see the option to use your Password Reset disk to create a new password. Click it which will initiate the Password Reset wizard. Insert your password reset disk into your floppy drive and follow the wizard which will let you choose a new password to use for your account.

Note: If your computer is part of a domain, the procedure for creating a password disk is different. "

::::::::::::::::::::::::::::::::::::::

Regards..................Chris
richard.a


Joined: 15 Aug 2006
Posts: 510
Location: Adelaide, South Australia

Posted: Sun 13 Jan 2008, 00:38

Chris good one, mate.

BTW ERD/Winternals is now part of the dreaded Borg empire. Microsoft bought them about a year ago :(

So for $200 you'll pay a lot more for less imho. Less? Yep they advised mid 2007 that certain parts of the ERD CD were not going to be included in their next version :(

Thanks for the F10 tips as well.

Ooroo,

Richard downunder

_________________
Have you noticed editing is always needed for the inevitable typos that weren't there when you hit the "post" button?


cthisbear

Joined: 29 Jan 2006
Posts: 3411
Location: Sydney Australia

Posted: Sun 13 Jan 2008, 05:29

" Ooroo "

Should start an off topic on unusual Oz words.

Chris
jcoder24


Joined: 06 May 2005
Posts: 601
Location: Barbados

Posted: Sun 13 Jan 2008, 09:47

There's a "puppy unleashed" type system for windows called "Bart's PE Builder". It allows you to build a customised ERD type CD.

On the linux side of things there is the Ophcrack live cd.
Quote:
The ophcrack LiveCD contains a small linux system (SLAX6), ophcrack for linux and rainbow tables for alphanumerical passwords.

The liveCD cracks passwords automatically, no installation necessary, no admin password necessary (as long as you can boot from CD).

Windows Vista SAM can also be cracked.


I'm sure we can reproduce this effort in puppy.
redpox1st

Joined: 23 Jan 2009
Posts: 1

Posted: Fri 23 Jan 2009, 09:28

Hi lads, new to this. I have ophcrack installed on my puppy if anyone is looking for it. I have used it and haven't had a problem with it.
Lobster
Official Crustacean


Joined: 04 May 2005
Posts: 15117
Location: Paradox Realm

Posted: Fri 23 Jan 2009, 11:50

I am not sure if they still have it or what they used but Austrumi used to have this XP password cracking facility built in . . .
Thought it might be of interest :)
They still have something called 'hydra'
http://cyti.latgola.lv/ruuni/

_________________
Puppy WIKI
dejan555


Joined: 30 Nov 2008
Posts: 2648
Location: Montenegro

Posted: Fri 23 Jan 2009, 12:45

There's 3MB linux distro-bootdisk 4 hacking xp pass here:
http://home.eunet.no/~pnordahl/ntpasswd/bootdisk.html
Aronzak

Joined: 29 Dec 2008
Posts: 36
Location: Sydney

Posted: Sun 25 Jan 2009, 19:38

dejan555 wrote:
There's 3MB linux distro-bootdisk 4 hacking xp pass here:
http://home.eunet.no/~pnordahl/ntpasswd/bootdisk.html


That's a classic. Copying out the encrypted SAM is a good idea.
ecomoney


Joined: 25 Nov 2005
Posts: 2183
Location: Lincolnshire, England

Posted: Sun 15 Feb 2009, 10:11

So ophcrack can be installed on puppy for definite? I've just downloaded the source code, which is quite small (225k). I don't know how big a package this would translate into; I don't know anything about compiling.
ttuuxxx


Joined: 05 May 2007
Posts: 10750
Location: Ontario Canada,Sydney Australia

Posted: Sun 15 Feb 2009, 13:59

ecomoney wrote:
So ophcrack can be installed on puppy for definite? I've just downloaded the source code, which is quite small (225k). I don't know how big a package this would translate into; I don't know anything about compiling.


Here ya go, I compiled it both ways: command line or the Qt4 GUI version.
For the command line, type in a terminal
ophcrack
and for the QT4 version install
http://puppylinux.ca/puppyfiles/pet_packages-4/qt4-4.3.2.pet
To run it, install the pet, install the QT4 libs from above, fixmenus <-- in a console
then restart JWM or Icewm
go to menu/utility/xp password cracker <--- click and enjoy
ttuuxxx
Attachments: cracker.jpg (37.09 KB, viewed 5038 times); ophcrack-3.1.0-i386.pet (203.84 KB, downloaded 833 times)

_________________
http://audio.online-convert.com/ <-- excellent site
http://samples.mplayerhq.hu/A-codecs/ <-- Codec Test Files
http://html5games.com/ <-- excellent HTML5 games :)

jcoder24


Joined: 06 May 2005
Posts: 601
Location: Barbados

Posted: Sun 15 Feb 2009, 14:12

FYI. What allows ophcrack to crack windows passwords 'quickly' is the rainbow tables that are included on the cd. The rainbow table set included in ophcrack is limited and can only be used with certain passwords. To be able to crack (or rather look-up) any windows password the entire table set would be needed which is gigabytes in size.

If we are looking for the same speed as ophcrack we would need to make the rainbow tables available on the puppy cd as well.
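An added example (not from the thread and not ophcrack's code) of the trade-off described in the post above: a toy rainbow table stores only chain start and end points, and it can only recover passwords inside the character set and length it was generated for. SHA-256 stands in for the Windows hash; the function names, chain length and 3-letter keyspace are assumptions made for illustration.

```python
import hashlib
import string

CHARSET = string.ascii_lowercase   # the only characters this toy table covers
LENGTH = 3                         # the only password length it covers
CHAIN_LEN = 50                     # hash/reduce steps per chain
KEYSPACE = len(CHARSET) ** LENGTH  # 17,576 candidate passwords

def H(password: str) -> bytes:
    # Stand-in unsalted hash (assumption): SHA-256, not the Windows LM/NT hash.
    return hashlib.sha256(password.encode()).digest()

def index_to_password(n: int) -> str:
    chars = []
    for _ in range(LENGTH):
        n, r = divmod(n, len(CHARSET))
        chars.append(CHARSET[r])
    return "".join(chars)

def reduce_to_password(digest: bytes, step: int) -> str:
    # Map a digest back into the covered keyspace; differs per chain position.
    n = (int.from_bytes(digest[:8], "big") + step) % KEYSPACE
    return index_to_password(n)

def build_table(n_chains: int) -> dict:
    # Keep only endpoint -> start point; chain interiors are recomputed on lookup.
    table = {}
    for i in range(n_chains):
        start = p = index_to_password(i)
        for step in range(CHAIN_LEN):
            p = reduce_to_password(H(p), step)
        table[p] = start
    return table

def lookup(table: dict, target: bytes):
    # Try every position the target hash could occupy in a chain, last first.
    for pos in range(CHAIN_LEN - 1, -1, -1):
        p = reduce_to_password(target, pos)
        for step in range(pos + 1, CHAIN_LEN):
            p = reduce_to_password(H(p), step)
        if p in table:
            # Endpoint hit: rebuild the chain and confirm (it may be a false alarm).
            cand = table[p]
            for step in range(CHAIN_LEN):
                if H(cand) == target:
                    return cand
                cand = reduce_to_password(H(cand), step)
    return None  # password lies outside what this table covers
```

Every candidate the lookup can return is a 3-letter lowercase string, so a hash of anything longer or with other characters always comes back as `None`, which is the "limited table set" effect the post describes.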
ttuuxxx


Joined: 05 May 2007
Posts: 10750
Location: Ontario Canada,Sydney Australia

Posted: Sun 15 Feb 2009, 14:18

jcoder24 wrote:
FYI. What allows ophcrack to crack windows passwords 'quickly' is the rainbow tables that are included on the cd. The rainbow table set included in ophcrack is limited and can only be used with certain passwords. To be able to crack (or rather look-up) any windows password the entire table set would be needed which is gigabytes in size.

If we are looking for the same speed as ophcrack we would need to make the rainbow tables available on the puppy cd as well.


I didn't know, I just read that he needed an application compiled and I compiled it, I didn't read up on it, LOL. Did you check out the vista 9 52GIGS of tables? Ya ok, how would you move that around and how long would it take? Maybe a portable hard drive.
http://ophcrack.sourceforge.net/tables.php
ttuuxxx

jcoder24


Joined: 06 May 2005
Posts: 601
Location: Barbados

Posted: Sun 15 Feb 2009, 15:04

Ophcrack would work fine without the tables but it will be via bruteforcing the password. The time to crack a password via bruteforce could be better spent after resetting the password via chntpw.
ecomoney


Joined: 25 Nov 2005
Posts: 2183
Location: Lincolnshire, England

Posted: Fri 20 Feb 2009, 07:25

Ttuuxxx, thanks for compiling this. I must confess I don't have a use for this myself (I generally just boot puppy, copy the data off to an external hard drive and format with gparted :lol: :D ), but I know it would make a great tool for many of the other poor failing xp technicians in my area, and maybe help bring them over to linux.

How does the ophcrack livecd deal with these rainbow table thingies?

I've just tried this package on Puppy 4.2 Beta 1 and it installed fine, but I thankfully don't have any xp installations to test it on!

Would it be possible to remaster a puppy version with this built onto it? I could post a link on the ophcrack forums and get them to work on it. The size of such a remaster would be a quarter of the size of their current offering, and would offer a full operating system environment as well!
