Posts: 5
Threads: 1
Joined: Nov 2021
I don't know if it's the right place to ask but,
I've tried different SAM dumpers and I never succeeded in cracking my Windows password (even though it's only numbers)
Here is the command I'm using:
Code:
hashcat.exe -m 1000 -a 3 -w 3 -O --outfile result.txt hashes.txt.sam --increment ?d?d?d?d?d?d?d
I hope someone will be able to help me
Have a good day
Posts: 7
Threads: 1
Joined: Nov 2021
(11-24-2021, 10:05 PM)Moreo Wrote: I don't know if it's the right place to ask but,
I've tried different SAM dumpers and I never succeeded in cracking my Windows password (even though it's only numbers)
Here is the command I'm using: Code:
hashcat.exe -m 1000 -a 3 -w 3 -O --outfile result.txt hashes.txt.sam --increment ?d?d?d?d?d?d?d
I hope someone will be able to help me
Have a good day
Are you sure you have the right hash in your hashes.txt.sam?
The format of pwdump is the following:
somewindowsuser:500:AAD3B435B51404EEAAD3B435B51404EE:4X8XDX5X8X7XXXXXXXXXCXDX0X4XBX27
^               ^   ^                                ^
Username        RID LM Hash                          NT Hash
You have to put only the NT Hash into your hashes.txt.sam. In this case, it would be 4X8XDX5X8X7XXXXXXXXXCXDX0X4XBX27
You will see the same LM Hash as I posted here, as it represents an empty LM Hash. That's because Windows 10 doesn't support LM anymore (unless you enable it again. Idk if that's possible).
Your NT Hash should be different tho.
You don't even need the --increment option, as you know the length of the password. Just use the right amounts of ?d and it'll be fine.
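A format check for the pwdump layout described in the post above, as an added example that is not part of the original thread: it splits each line, confirms the fourth field is a 32-character hex NT hash, and returns only that field for the hash file. The function names and the sample user `alice` are assumptions made for illustration.

```python
import re

# Hashes of the empty string (well-known constants, not secrets).
EMPTY_LM = "AAD3B435B51404EEAAD3B435B51404EE"
EMPTY_NT = "31D6CFE0D16AE931B73C59D7E0C089C0"
HEX32 = re.compile(r"[0-9A-Fa-f]{32}")

def parse_pwdump_line(line):
    """Split one pwdump line (user:rid:lm:nt, optional trailing ':::')."""
    parts = line.strip().split(":")
    if len(parts) < 4:
        raise ValueError("expected user:rid:lm:nt, got %d field(s)" % len(parts))
    user, rid, lm, nt = parts[:4]
    problems = []
    if not rid.isdigit():
        problems.append("RID is not numeric")
    if not HEX32.fullmatch(nt):
        problems.append("NT field is not 32 hex characters")
    elif nt.upper() == EMPTY_NT:
        problems.append("NT hash is that of an empty password")
    return {"user": user, "rid": rid, "lm_empty": lm.upper() == EMPTY_LM,
            "nt": nt.upper(), "problems": problems}

def nt_hashes_for_hashfile(lines):
    """Return the bare NT hashes of all lines that passed every check."""
    good = []
    for line in lines:
        if not line.strip():
            continue
        entry = parse_pwdump_line(line)
        if not entry["problems"]:
            good.append(entry["nt"])
    return good

# Constructed sample input: the masked line from the post (its 'X' characters
# are not hex) and a made-up user carrying the thread's hash of "password".
SAMPLE = [
    "somewindowsuser:500:AAD3B435B51404EEAAD3B435B51404EE:4X8XDX5X8X7XXXXXXXXXCXDX0X4XBX27",
    "alice:1001:AAD3B435B51404EEAAD3B435B51404EE:8846F7EAEE8FB117AD06BDD830B7586C:::",
]

if __name__ == "__main__":
    for raw in SAMPLE:
        e = parse_pwdump_line(raw)
        print(e["user"], e["nt"], e["problems"] or "ok")
    print(nt_hashes_for_hashfile(SAMPLE))
```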
Posts: 5
Threads: 1
Joined: Nov 2021
Even with only the NT Hash, it still tells me 0/1 recovered, I don't know if the problem comes from my hashes or if my hashcat has a problem
Posts: 7
Threads: 1
Joined: Nov 2021
(11-24-2021, 10:57 PM)Moreo Wrote: Even with only the NT Hash, it still tells me 0/1 recovered, I don't know if the problem comes from my hashes or if my hashcat has a problem
Hm, okay. Let's try it with a dictionary attack. Try this hash: 8846F7EAEE8FB117AD06BDD830B7586C
This is the NT(LM) Hash of the string "password". Try it with rockyou.txt
./hashcat -a 0 -m 1000 '8846F7EAEE8FB117AD06BDD830B7586C' rockyou.txt
If this works, try to put in your password of the hash you want to crack into the rockyou.txt and try to crack your hash again.
Posts: 5
Threads: 1
Joined: Nov 2021
It can find the password hash but it can't find my password, even though it's in rockyou.txt. I think the problem really comes from the hash, but I don't know how to get it properly
Posts: 7
Threads: 1
Joined: Nov 2021
(11-25-2021, 08:04 PM)Moreo Wrote: It can find the password hash but it can't find my password, even though it's in rockyou.txt. I think the problem really comes from the hash, but I don't know how to get it properly
Are you 100% sure you have the correct plaintext in the wordlist? Otherwise it doesn't make sense to me.
Remember, it's NOT the hash of your Windows Hello PIN (if you have configured that), but the hash of the password of your (Microsoft/local) account
Posts: 5
Threads: 1
Joined: Nov 2021
Well, I think it's the right hash, I get it from a file that is exactly username:id:emptyhash:thehashi'msearching
and I put the PIN I use to log in to my Windows every time I launch it
Posts: 7
Threads: 1
Joined: Nov 2021
11-25-2021, 09:21 PM
(This post was last modified: 11-25-2021, 09:21 PM by kuyaya.)
(11-25-2021, 09:15 PM)Moreo Wrote: Well, I think it's the right hash, I get it from a file that is exactly username:id:emptyhash:thehashi'msearching
and I put the PIN I use to log in to my Windows every time I launch it
As stated above, the hash you try to crack is not the hash of the PIN but the hash of the PASSWORD.
Posts: 5
Threads: 1
Joined: Nov 2021
Oh, okay, so I've tried my MS account password, but it's still not working
Posts: 7
Threads: 1
Joined: Nov 2021
11-26-2021, 12:26 AM
(This post was last modified: 11-26-2021, 12:27 AM by kuyaya.)
(11-25-2021, 10:40 PM)Moreo Wrote: Oh, okay, so I've tried my MS account password, but it's still not working
Pff idk man. It seems to be cracking fine, as you were able to crack the example hash. You must be trying the wrong password or the wrong hash. Either of those.
Posting hashes is not allowed, so I don't really know how to help you anymore.