Cracking Windows passwords is, not surprisingly, a relatively simple process. Have physical access? Then you can crack a password. First ask yourself this question: do I just need to get into this system, or do I want the actual password? If you just need to get into a system you can easily use Kon-Boot or Offline NT Password & Registry Tool.

Note: Kon-Boot can now be used on Mac too.

With a few simple steps you can get into almost any system with either one of these tools.

If that’s not what you’re trying to do, there are many other tools you can use to extract password hashes and crack them. Cain & Abel is one of these tools that will allow you to do both. If you are pen-testing your own system, or are already in a system via Kon-Boot/Offline NT Password & Registry Tool, then you can open Cain & Abel and crack the passwords locally. If you can’t get past the login screen, create a Kali Linux boot USB and use SAMDUMP2. SAMDUMP2 will allow you to dump the password hashes (located within C:\Windows\System32\config\SAM) to a text file. You can then use the dump on another system with Cain & Abel or Ophcrack (or whatever other password cracking utility you prefer). You may need a wordlist depending on the way you’re going to crack the password hashes. You can find some good ones on the PirateBay. If space is an issue, there are many sites that now crack password hashes using their own wordlists (one site has multiple lists that are up to 160 GB in size). Another advantage of this is that you will not have to use your own system resources to process the hash, which is great if you have a crappy GPU or none at all!

Note: Make sure you turn off your Anti-Virus or create an exception for Cain & Abel. Most Anti-Virus software will see it as a virus.

Getting Hashes from Linux Systems:

Usually password hashes are in /etc/shadow. There is also a way to print these passwords to the terminal window using mkpasswd (you have to install this first using sudo apt-get or yum, depending on your flavor of Linux). I can’t remember the exact terminal commands to do this, but I will update the article when I find the resource I used to do it last time.
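As an added example (not part of the original post), here is a small audit script for the /etc/shadow format mentioned above: it parses shadow-style lines and reports which accounts have an empty password field or a hash algorithm (DES crypt, md5crypt) that falls quickly to offline cracking, which is what an administrator wants to know before a SAM- or shadow-dump style attack ever happens. The sample entries are constructed, not real accounts.

```python
import re

# Constructed sample in /etc/shadow format; hashes are placeholders, not real.
SAMPLE_SHADOW = """\
root:$6$saltsalt$QmFzZTY0aXNoUGxhY2Vob2xkZXJTaGE1MTJIYXNoVmFsdWU.:19000:0:99999:7:::
legacy:$1$saltsalt$UGxhY2Vob2xkZXJNRDU.:19000:0:99999:7:::
svc:!:19000:0:99999:7:::
guest::19000:0:99999:7:::
modern:$y$j9T$saltsaltsaltsaltsaltsa$UGxhY2Vob2xkZXJZZXNjcnlwdA:19000:0:99999:7:::
"""

# crypt(3) hash prefixes and whether the algorithm is acceptable today.
ALGORITHMS = {
    "$1$": ("md5crypt", False),     # fast, unsalted-style weakness: cracks quickly
    "$2b$": ("bcrypt", True),
    "$5$": ("sha256crypt", True),
    "$6$": ("sha512crypt", True),
    "$7$": ("scrypt", True),
    "$y$": ("yescrypt", True),
}

def classify(field):
    """Return (label, weak) for one shadow password field."""
    if field == "":
        return ("empty", True)          # no password required at all
    if field.startswith(("!", "*")):
        return ("locked", False)        # login disabled, nothing to crack
    for prefix, (name, ok) in ALGORITHMS.items():
        if field.startswith(prefix):
            return (name, not ok)
    if re.fullmatch(r"[./0-9A-Za-z]{13}", field):
        return ("descrypt", True)       # traditional 13-char DES, 8-char password limit
    return ("unknown", True)            # unrecognised: treat as suspect

def audit_shadow(text):
    """Parse shadow-format lines; return {user: (label, weak)}."""
    result = {}
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) < 2:
            continue                    # malformed line, skip rather than guess
        result[fields[0]] = classify(fields[1])
    return result

def weak_accounts(text):
    """Sorted list of users whose password field needs attention."""
    return sorted(u for u, (_, weak) in audit_shadow(text).items() if weak)
```

Run it against a copy of a real /etc/shadow (root-only readable) to get the list of accounts to rehash or lock; `modern` and `root` pass, `svc` is locked, and `guest` and `legacy` are flagged.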

Here’s a quick video I made on cracking Windows passwords using Cain:



