Archive for June, 2010

“Recover win XP password”

Imagine you forgot your Win XP admin password and you have been completely locked out of your own machine.
Worse still, your friend forgot his, and you get into his room when he is just a few seconds away from reinstalling the system afresh. How would you help him?
Well, there are many ways to recover the password, but in this post I will share what I demonstrated at our JLUG meeting.

It’s an old trick but it worked fine. [Click on the images for a better view.]

step[1]
——-
Boot the system with a Linux live CD or flash drive (USB); in my case I used BT3 Final. Log in, open a terminal and you are ready to go.

[screenshot: logged in]
step[2]
——-
Locate the partition where Win XP has been installed, most probably /mnt/hda1 for an IDE hdd and /mnt/sda1 for a SCSI hdd. They will have been mounted automatically; if not, don’t worry, do this:
Check what you have in /dev and locate hdaX, where X is 1,2,3…n. Then find which one hosts the Windows installation, i.e. mount each of them and see what it contains (the correct one will have the Windows system folders, like %SYSTEMROOT%, usually C:\Windows\system32):
>ls /dev/ | grep hda  #this lists the hda partitions available
>mkdir /mnt/windows && mount /dev/hdaX /mnt/windows  #this creates a dir “windows” under /mnt and mounts your partition on it; replace X accordingly. From now on our partition is mounted at /mnt/windows/


step[3]
——-
>cd /mnt/windows  #move to our directory (not necessary)
>ls  #this lists what is there
Win XP stores password information in the two files ‘sam’ and ‘system’; you will find them in /WINDOWS/system32/config,
so we create a temp directory in our home and copy the two files there:
>mkdir ~/tmp  #create a tmp dir at home
>cp /mnt/windows/WINDOWS/system32/config/sam  ~/tmp/  #copy sam to ~/tmp
>cp /mnt/windows/WINDOWS/system32/config/system ~/tmp/  #copy system to ~/tmp
>cd ~/tmp ; pwd ; ls  #go to our new dir, confirm that we are really there and list what we have there (sam & system)


step[4]
——-
Now we use a tool called bkhive on the system hive to extract the boot key into a file we will call key, then another one called samdump2 to dump the hashes from the SAM using that key into a single file we will call pass, and finally john the ripper to crack the passwords and we are done! [That’s how I understood it.]
Now from ~/tmp:
>bkhive system key  #bkhive takes the output key file as its second argument; you might not see any confirmation output
>samdump2 sam key > pass


step[5]
——-
Now let’s launch jtr, or john if you like, and pass it our password file and see it in action; it can detect many hash formats (NTLM, MD5, name them, Google it):
>john --incremental ~/tmp/pass  #most likely you will have to launch john from where it is installed, but type john and you get some info on what to do; as for me I had to use:
>./john --incremental ~/tmp/pass  #I was in john’s installation directory
If you are lucky enough you should have your cracked passwords in seconds, depending on how powerful the machine is, how strong the password is, etc.

My machine is dearly slow; by the twenty-third second it had not cracked the simple password. Look into john for faster means; there is a lot of stuff: use a word list, cracking modes, loading only important passwords, etc. I hope your mind is open; dig more, there is a lot.
IMPORTANT: there are better ways to get admin privileges on an XP machine than this, using the same BackTrack. This is only meant to add to your knowledge.

For more on each of the above commands, make good use of the man pages and Google. Bye bye.

brought to you courtesy of ch!m3ra and JLUG

=====================http://www.chimera40.wordpress.com====================
enjoy responsibly

mysql r00t password reset

==================================================================================================================

Here is a quick and clean one on a Debian installation, MySQL version 5.0 server. I did this successfully without necessarily having to soil my hands.

Sorry, no screenshots 😦

[step1]

From the prompt enter:

root@chimera:~# dpkg-reconfigure mysql-server-5.0

If all goes well you should be prompted to give the new root password.

[step2]

Re-enter the root password and accept (usually by simply pressing <Enter>).

The mysqld daemon will be stopped and restarted once more, and that’s all there is 🙂

You should see something like this:

root@chimera:~# dpkg-reconfigure mysql-server-5.0
Stopping MySQL database server: mysqld.
Stopping MySQL database server: mysqld.
Starting MySQL database server: mysqld.
Checking for corrupt, not cleanly closed and upgrade needing tables..
root@chimera:~#

Finally, log in to the database and have a nice time:

root@chimera:~# mysql -u root -p
Enter password:*******************

(your password will not be displayed as you type)

Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 36
Server version: 5.0.67-0ubuntu6 (Ubuntu)

Type 'help;' or '\h' for help. Type '\c' to clear the buffer.

mysql> show databases ;
+--------------------+
| Database           |
+--------------------+
| information_schema |
| mysql              |
|                    |
+--------------------+
6 rows in set (0.00 sec)

mysql> \q

Bye

root@chimera:~#

NB: As you can see, “your” tables will not be changed at all.
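Once root can log in again, it is worth checking that the reset actually took and that no other weak accounts are left in the privilege tables. This is an added example, not part of the original post; it assumes the MySQL 5.0 layout of mysql.user (the Password column), a session as the newly reset root, and uses the placeholder 'the-new-root-password' for whatever you typed into dpkg-reconfigure.

```sql
-- Added example (not from the original post): audit the privilege tables after the reset.
-- Assumes MySQL 5.0, where mysql.user still has a Password column, and a root session.

-- 1. Accounts that still have an empty password (anonymous users show up as User = '').
SELECT User, Host
FROM mysql.user
WHERE Password = '';

-- 2. root logins permitted from anywhere other than the local machine.
SELECT User, Host
FROM mysql.user
WHERE User = 'root' AND Host NOT IN ('localhost', '127.0.0.1');

-- 3. Confirm the reset took: the stored hash for root@localhost must match the new
--    password. PASSWORD() is the hashing function MySQL 5.0 uses for mysql.user;
--    'the-new-root-password' is a placeholder for the password you set.
SELECT Password = PASSWORD('the-new-root-password') AS reset_ok
FROM mysql.user
WHERE User = 'root' AND Host = 'localhost';

-- 4. Clean-up, only after reviewing the rows returned by queries 1 and 2.
DELETE FROM mysql.user WHERE User = '';
DELETE FROM mysql.user WHERE User = 'root' AND Host NOT IN ('localhost', '127.0.0.1');
FLUSH PRIVILEGES;
```

Query 3 returns 1 when the hash matches and 0 otherwise; the DELETEs only take effect for new connections after FLUSH PRIVILEGES.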

By the way, if you are bored of this local stuff you may have a look at this

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

brought to you courtesy of ch!m3ra and JLUG

===================================================================================================================

Welcome

Welcome to my blog.

I think it’s time we share the little we know with those who are ready to. In my own view this was one of the places to do this.

So in this blog I would like to share the tricks I find on my way to “the blue nowhere” (Google this). I scheduled to present some of them at the coming JLUG meetings and some of them have already been presented. If you wish to get the action live then come, let’s meet and share together at JLUG. So to cut the long story short, jump to the hack_docs category; please remember to leave a comment, anything is welcome.