Ethical Hacking – Windows
Hello everyone. In this video we’ll start with the first topic of Windows hacking, that is, the Windows password storage policy. Before getting into Windows hacking, we must know how Windows stores our password. The Windows operating system stores our password in the form of hashes, and these passwords are present inside SAM files. The SAM file stands for a system account manager, and this file is responsible for containing our password. The directory in which this SAM file is present, here you can see, is local disk C, Windows, then System32, config and SAM. So we can find this SAM file in this directory.

Now let’s talk about some features or facts about the SAM file. The SAM file, system account manager, is one of the most secure files in the Windows operating system. Why is it a more secure file? Let’s talk about it. The SAM file can’t be opened, can’t be edited and can’t be copied if the Windows operating system is running, which means if we are using a Windows operating system then we can’t copy this file, we can’t open this file and we can’t even edit this file. So this is the first security feature of this file. The next feature: because we know that this SAM file contains the password in the form of hashes, what we can do is encrypt this file in order to make it more secure. You can see here that it can be encrypted by Windows using special features. So these are the two security features of the SAM file.

But in order to find the password from the SAM file, or in order to see what content is present inside the SAM file, we need one more file, called SYSTEM. The SYSTEM file actually contains the key which is used in order to see the content of SAM files. So as a hacker we need two files: the first one is the SAM file, and the second one is the SYSTEM file, in order to find the password from the SAM file. All these things make SAM a good account manager. Now let’s see how we can copy the SAM file and can crack or find the
passwords from the SAM file in our system.

Now let’s copy the SAM and SYSTEM files in order to find the password of a particular user. I’m using the Windows 7 operating system in my VirtualBox, as you can see here. The reason I’m using this Windows 7 operating system is that in Windows 8 and Windows 10 the way Microsoft stores passwords in Windows is totally changed, due to the association of the Microsoft account. That’s why I’m choosing this Windows 7 operating system as my first target.

I told you earlier that the SAM file contains the passwords, and there is one more file, called SYSTEM, which contains the key to open that SAM file. One more thing I told you is that we can’t copy a SAM file, we can’t edit it and we can’t modify the SAM file when the system is running. But is there any way that we can export the SAM file? Yes, there is. What we have to do is, in the Run bar, just write here regedit and click on Yes. This will open a Registry Editor for us. Here you can see the Registry Editor. Then we have to go here to HKEY_LOCAL_MACHINE, and here you can see there are two folders, or files, SAM and SYSTEM. What we can do is export both of them. Just right-click over here and click on Export. You have to give a location, so just write here SAM, and here we have to do a little modification: we have to change its type to Registry Hive Files. Click on Save, and you will see here that on my desktop a SAM file is exported. Similarly, now let’s export the SYSTEM file. Click on Export. We have to write the same name, SYSTEM, and we have to change the file type also to Registry Hive Files. Click on Save. You can see here that the SYSTEM file and the SAM file are present.

Now, in order to open these files and in order to crack and find the passwords inside them, we have to download one tool, which is called Cain and Abel. You can download this tool from here, from oxid.it and Cain. This tool is a very powerful tool in
order to do cracking, and we can also do some wireless attacks by using this tool. Just click over here, download Cain and Abel for Windows. I have already downloaded this to my Windows operating system, as you can see here. Now let’s install this tool. This tool also requires additional drivers, WinPcap, so you also have to download and install this software, WinPcap. Click on Finish, and here you can see that on my desktop the tool icon is present. Let me just open it up. It requires administrative privileges, and every time you start this tool it will give you this warning that Windows Firewall is enabled. We just have to ignore this and click on OK.

Here you can see the main menu of this tool. There are a lot of sections, like decoders, network, sniffer, cracker; we can even trace a particular traceroute, then wireless and query. But for the time being we are interested here in the cracker. As I told you earlier, in the SAM file our Windows passwords are stored in the form of LM and NTLM hashes. So once we are here inside the cracker menu, we have to select this one, LM and NTLM hashes. Once we click over here, we have to click this plus icon in order to add a SAM database along with the SYSTEM file. The first option is import, but we want to import from a SAM database because we already have a SAM file. So click over here, import hashes from a SAM database, and here we have to give a SAM file location. It’s on my desktop, so let me give the location. Then here you can see a boot key. It’s the SYSTEM file, so we have to give the location of the SYSTEM file also, and here you can see that the key comes. Let me copy this key, click on Exit, paste this key here and click on Next.

Here you can see that our SAM file is opened inside this tool. You can see here the user names along with the LM and NT hash, and here you can see that currently there are three users in my Windows 7
operating system: administrator, guest and root. Now let’s just verify. Here you can see that right now we are logged in as root. So first of all we will find the password of this user, that is, root. Here you can see that if I select this one, root, in the column of LM and NT hashes there are two hashes associated with this user, which means this user is password protected.

Now, in order to find or crack the password of a particular user, there are different password guessing attacks. The first one is the dictionary attack, the second one is brute force, and so on. In a dictionary attack, there is one dictionary file which contains a lot of words. We will pick one word, then we will make the LM and NT hash of that word, and then we will match that LM and NT hash value against this value. If the value matches, then we are successfully able to find the password. Another kind of attack which we can do is the brute-force attack. In a brute-force attack we actually make combinations of different letters and digits in order to create NTLM hashes, and then we’ll match the value. Another kind of attack is called the rainbow tables attack. But here in this video we will do a dictionary attack, and then we’ll see whether we can find the password of this user or not.

In a dictionary attack there is one limitation: we are only able to find the password of a particular user if the password of that user is present in that dictionary file. There are a lot of online websites from where you can download a long dictionary file which contains millions of passwords. But in this tool, Cain and Abel, when we download this tool and just go here inside its directory, so let’s go here to Program Files, and here is its folder, and if I open it up, it also contains one directory called Wordlists, which contains a lot of passwords that we can use in order to find the password of a
particular user. But I already have one word list file, so I am using that file in order to find the password.

What we have to do is just right-click over here. Here you can see that there are different attacks: dictionary attack, brute-force attack, cryptanalysis attack. Now let’s go here to dictionary attack, and then we have to select NTLM hashes. Click over here, and here we have to give the location of a dictionary file. Just right-click and click on Add to list. My dictionary file is present in my documents, so I have selected this file and clicked on Open. Here you can see that a dictionary file is added. Now we just have to click on Start, and here you can see that it started searching passwords. Here you can see passwords per second and the dictionary position, so 37% of the dictionary file is completed. Here you can see that it’s an NTLM hash of the password of this account, and the value is 2, which means this is the actual password which I have set for this account. Here you can see that the attack stopped, hashes cracked, and here you can see that it’s a password. Now click on Exit.

Now let’s just verify. I’m just writing here twr, hit Enter, and here you will see that we are successfully able to find a password by using a dictionary attack. Similarly, you can also use different attacks, like cryptanalysis, rainbow table attacks and the brute-force attack. So in this video we have discussed how we can copy the SAM and SYSTEM files and how we can find a password by using a dictionary attack. Thanks for watching this video …
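For the defender's side of the export step in the transcript: every registry hive file starts with the `regf` signature and stores an XOR checksum of its header at offset 508, so saved copies of SAM or SYSTEM on a desktop or in a documents folder can be found by content, whatever they were named. This is an added example, not part of the video; the function names, the `allowed_dirs` parameter and the sample header are constructed for illustration.

```python
import os
import struct
from datetime import datetime, timedelta, timezone

REGF_MAGIC = b"regf"      # signature at offset 0 of every registry hive file
BASE_BLOCK_SIZE = 512     # header; checksum of bytes 0..507 is stored at offset 508

def regf_checksum(block: bytes) -> int:
    """XOR the first 127 little-endian dwords, applying the format's two special cases."""
    csum = 0
    for (dword,) in struct.iter_unpack("<I", block[:508]):
        csum ^= dword
    if csum == 0xFFFFFFFF:
        return 0xFFFFFFFE
    return csum or 1

def parse_hive_header(block: bytes):
    """Return header fields if `block` is a valid hive base block, else None."""
    if len(block) < BASE_BLOCK_SIZE or block[:4] != REGF_MAGIC:
        return None
    seq1, seq2, filetime, major, minor = struct.unpack_from("<IIQII", block, 4)
    if struct.unpack_from("<I", block, 508)[0] != regf_checksum(block):
        return None  # "regf" text by coincidence, or a damaged header
    written = datetime(1601, 1, 1, tzinfo=timezone.utc) + timedelta(microseconds=filetime // 10)
    return {"version": f"{major}.{minor}", "last_written": written, "clean": seq1 == seq2}

def find_hive_copies(root, allowed_dirs=()):
    """Walk `root`; list hive files, skipping files directly inside any of `allowed_dirs`."""
    allowed = {os.path.normcase(os.path.abspath(d)) for d in allowed_dirs}
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        if os.path.normcase(os.path.abspath(dirpath)) in allowed:
            continue
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as fh:
                    info = parse_hive_header(fh.read(BASE_BLOCK_SIZE))
            except OSError:
                continue  # locked or unreadable file
            if info:
                hits.append((path, info))
    return hits

def build_sample_header() -> bytes:
    """Constructed 512-byte base block for testing the scanner; not from a real hive."""
    block = bytearray(BASE_BLOCK_SIZE)
    block[:4] = REGF_MAGIC
    struct.pack_into("<IIQII", block, 4, 7, 7, 132_000_000_000_000_000, 1, 5)
    struct.pack_into("<I", block, 508, regf_checksum(bytes(block)))
    return bytes(block)
```

Pass the live hive directory (C:\Windows\System32\config) in `allowed_dirs` when scanning a whole volume, so only copies outside it are reported.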
We acknowledge that this video belongs to the author and thank them for its use.
Copyright Disclaimer under section 107 of the Copyright Act of 1976, allowance is made for “fair use” for purposes such as criticism, comment, news reporting, teaching, scholarship, education and research. Fair use is a use permitted by copyright statute that might otherwise be infringing.
As found on YouTube