How to Crack Windows Administrator Passwords

Some times it necessary to know admin passwords in schools ,collages to log in with admin privileges to do various things

There are many way to crack passwords. But in this tutorial I will explain a very basic method using a single tool to crack windows password . This might come handy in places like schools ,collages where you cant use your live Linux cds , usb ..etc because your being watched

Things we need :

1. Pwdump or Fgdump to extract password hashes In this tutorial I will be using Pwdump

Extracting Password hashes :

1. Open My computer and go to

C:\Windows\system32 .

now place the Pwdump file which we download earlier

 

2. Now open command prompt and navigate to

C:\Windows\system32 \Pwdump

Using cd command and click enter

Example :

Cd C:\Windows\system32 \Pwdump

 

3. Now you can see a list of Pwdump commands as shown

4. Now enter pwdump – localhost >>“ destination of output file “ (for 32 computers) and pwdump -x localhost >> “destination out put file “(for 64 bit computers )

Example :

Cd C:\Windows\system32 \Pwdump localhost >> C:\hashes.txt

Cd C:\Windows\system32 \Pwdump -x localhost >> C:\hashes.txt

5. Now open the Out put file you can see the names of the different users with password hashes Now copy the hashes corresponding to the admin account

Cracking The Hashes

Considering that we are in school/collage were we cant use tools to crack passwords so as an alternative we are using online password cracking sites

1. Go to online password cracking sites like www.cracker.offensive-security.com , www.onlinehashcrack.com and paste the hash select hash type as LM and click decode

2.By this way we are able to crack windows password using a single tool

Note:-

If your not able to crack password hashes online use tools like john the ripper to crack password hashes . You can even copy the hashes and decoded it in your house

About The Author

This article is writen by John Jeffery, He is the owner of Hackholic where he writes security related stuffs, If you are interested in writting a guest post on RHA, Kindly read the guidelines here

11.486111 77.890120

 

Network Security Audit – The Benefits

Network security audit, also known as network security assessment, refers to the process of determining the security shortcomings on your network. The process is critical for a business because sensitive or critical information on a network cannot be adequately protected if you do not know what type of vulnerabilities or security holes exist on the network.

Security auditing and assessing of your network is not a one-time event. Security assessments should be ongoing because networks are constantly changing as new devices are added, configurations are changed, and software is updated. With any type of security assessment, the network layout must first be determined. The network security audit must accurately determine the extent or topology of your business network. This is includes the type of devices, the operating system in use on the devices, and what updates that have been applied. Also, you must determine what the critical information assets are and where they are located on the network.

Without this information, a network security audit is of little value because you cannot be sure to have completed a security assessment of the whole network or that you have evaluated the most critical components of the network where the most sensitive information is stored and accessed. Of course, there is much more to performing a network security audit, but these few elements are essential to make a proper evaluation of your corporate network’s security.

Benefits of Network Security Audits

Network security audits help identify vulnerabilities on your network and network devices including:

1. Running services – Any service that is running on a network device can be used to attack a system. A solid network security audit would help you identify all services and turn off any unnecessary services.
2. Open ports – A network security audit will help you identify all open ports on network devices and, just like running services, all unneeded ports should be closed to eliminate the possibility of being used to attack a network device.
3. Open Shares – Any open share can be exploited and should not be used unless there is some essential business purpose for it.
4. Passwords – Assessments/audits should evaluate the enterprise password policy and ensure that the passwords used on the network devices meet the business password policy of password strength, frequent change, and other requirements.
5. User Accounts – During the audit, you must determine which user accounts are no longer being used so they can be removed or disabled. Unused user accounts allow for someone from inside or outside the network to attack and take over the account or may be an indication of a successful attack of the network.
6. Unapproved Devices – Unapproved or unknown devices such as iPods, Smart Phones and Wireless Access Points installed on your network must be detected in an audit. Any or all of these, as well as other devices, can be used to attack the network or steal data off the network.
7. Applications – The type of applications being used on a system should be identified during this process. If any dangerous applications are found running on a system, they should be removed. Also look for software programs that run automatically because they can be an indicator of a malware infection.

Security audits should be done on an ongoing basis. Without recurring security audits or assessments, these new vulnerabilities may not be discovered and patched to keep the computer system secure. Also, such audits should not be done manually because if administrators fail to apply certain scans, vulnerabilities in the operating systems or in installed applications can be exploited.

Using vulnerability scanners makes the task of a security audits or assessments much easier and safer. These tools automate part of the process and allow administrators to analyze the results and determine what issues should be addressed first and in which priority the other security issues should be handled.

By identifying these types of vulnerabilities on an ongoing basis, you will be adding an extra layer of protection to your network. Because network security applications and services are constantly being updated, it is of great importance to apply one of the latest security scanners and use it on an ongoing basis, together with the expertise of knowledgeable security staff to evaluate the status of your network security.

About The Author

This guest post was provided by Sean McCreary on behalf of GFI Software Ltd. GFI is a leading software developer that provides a single source for network administrators to address their network security, content security and messaging needs. More information: GFI network auditing software

11.486111 77.890120