HACKING INTO COMPUTER SYSTEM ON LAN (Lesson 8)

For Cracker -
In this topic we will se that how we can get access to different user accounts on Local Area Network running Windows 98 / Windows XP.
Here we will discuss the simplest method to crack password i.e. the software way.

You need to have the following software’s –

1). Caine & Abel for Windows 98
2). LC5 for Windows XP

How to use these software’s?

SCENARIO - A LAN in which every system (not necessarily) is running on Windows 98.

Now in order to use the LAN features every user must have a Login Username and Password.

Whenever a user creates an account or enters his username and password (for login purpose) the value is stored or compared from a “PWL” file respectively. This file is saved in c:\windows directory and is easily accessible to every user on the LAN. E.g.: I am a user and my login name is “crack”, so the format or name of the pwl file will be “crack.pwl”.

So all you need to do is copy this pwl file on a floppy, cd, pen drive, or any other medium you desire.

Now open this pwl file in Caine & Abel and run the attack (dictionary or brute force). Depending upon the password length the software will take its time to break the code.

Never run this software on a slow machine as it would take weeks to crack a single password.

In Windows XP the case is little bit difficult. The password is stored in SAM file. There are three copies of SAM file in XP – One in Windows\system32\config, another in Windows\repair and the last one is stored in windows registry.

You will not be able to see or copy these files or values while Windows is running.

So Boot your system using a bootable disk i.e. in dos mode and copy the file.

Once you have the SAM file open it in LC5 and it will take care of the rest.

Another possible way is – Just install LC5 on the target system and it will tell u all the usernames and password stored in that particular system. But it’s not feasible because LC5 can also take days to crack a single password (depending upon the password length).

FOR USER –

In order to safe guard your account all you need to do is just set a lengthy password containing alphabets, numbers and one special character i.e. @#%^*&(*().

And kindly change your password on a periodic basis.

Posted by $

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)