Time
40 minutes
Difficulty
Intermediate
CEU/CPE
1

Video Transcription

00:00
Hello, Martinez, Dustin and welcome to password cracking.
00:05
Now that we've gone over cracking passwords with John the Ripper, another tool we can use on Windows machines, that makes it really easy. It's called hash sweet, and that's one that's actually recommended by the developers John Ripper. It does have a gooey and a ton of options, just like,
00:23
um, John.
00:25
And it will actually, all the hash is on a Windows machine that it's installed on, and then it can start cracking them from there. So let's go ahead and we're gonna hop in our Windows box. We've got a couple of users and we're gonna try and crack their passwords.
00:43
All right, so we do have our Windows box pulled up Now, Um, I have downloaded half sweet. That's something you can get online for free. They do have a paid version as well. There are a few restrictions of the free one. It can only crack passwords up to six characters. So I did change some things around with our users
01:02
to make sure that they only have six characters or less in the past hours just for this lab example.
01:07
But all you need to do once you install it is, go ahead and open it up
01:11
and you just double click it. And as you can see, it opens up to a nice gooey. We don't have any users or anything loaded yet, so let's go ahead and load the user hashes from this machine.
01:22
It's super easy to clip the little key a need top left
01:26
and in court, and we're gonna import local accounts. So you do have the options to open our import users from remote accounts. Ah, file that you've got from, like, many cats or something like that Or actually, WiFi captures as well. So let's when import our local accounts.
01:48
All right, these are the Ellen Passions were gonna go to the er N T l m.
01:53
You can see we've got a few users here and from our re con. I'm just going to show you this real quick. We did create a custom word list,
02:02
and that's why it's always good to do your recounts. We've got a couple of words in here that we think they may be using for passwords like office bears, jello, quad desk, mega desk and scrammed, and then a couple passwords down there at the bottom. So this is anything you can create. There's like I mentioned for pre built
02:21
wordless or dictionaries that you can use,
02:23
but we're gonna use this one.
02:27
And so all we need to do here is goto our word list
02:30
selected down. And normally you do add
02:32
and you just have the file. So ours is the custom word list,
02:38
all right? It's already added, So it didn't like that. Um, but here you can see Maxim character sizes one all the way up to six, and then you can also choose to use rules. And these are the same kind of rules that a lot of other password crackers have,
02:53
so you can copy. As you can see, it's just the words directly from
02:58
the word lister dictionary.
03:00
You can lower case you can uppercase,
03:04
and if you kind of high hover over each one, it will give you a little example of how it does it. So this one's capitalized every word, so it takes any any words and put the capital in the first front first letter. And so you can do all sorts of stuff. Seek and lower case certain characters you can add of the year.
03:22
Typically, a lot of people will add, like the year or the month
03:24
to their password to help them remember it. Steve. Also about, like, meat. Speak where you turn on a Zonda at symbols of things like that. So let's see how easy this is. We're just gonna go ahead and hit, Start using our custom. We're list.
03:42
And
03:43
that was super quick. So it actually already cracked a ll three of those user's password. You can see it has the user name the hash for it and the passwords. So that's how simple this is, especially on a Windows machine. Do keep in mind these are really easy passwords. Obviously,
04:01
if you did have more difficult passwords,
04:04
uh, with more characters or your dictionaries not as complete, it's gonna take a lot longer

Up Next

Password Cracking Tool Fundamentals

In Password Cracking Tool Fundamentals, Dustin Parry takes you through different aspects of securing passwords and techniques deployed to crack passwords. These techniques can be deployed by IT technicians to check the password strengths, and it can be used by pentesters and attackers alike.

Instructed By

Instructor Profile Image
Dustin Parry
Network Security Engineer
Instructor