before stepping into the tutorial is worth a little strings attached to need to know basis. basically, the user password for windows (vista included) stored on an encrypted file in the directory system32/config. This file (SAM) can easily be decrypted and viewed its contents. ways that are often posted on the net is to use multiple console applications like samdump (or newer samdump2) to decode the SAM file and make open Syskey encription on file.
user and pass can still blom diketahuisecara palpable, because the data is stored using a hash code that still requires effort to "reverse" a hash value into actual value (um ... mugkin more accurately find the combination of the value of what can generate the hash.) brute force method is sufficient resource and time consuming, but it first:) application crack passwords already pretty good right now especially with the availability of crack rainbow method using rainbow tables, the original hash code value can be known in a matter of seconds (Ntar Explain again deh).
why in the title i severance XP maa vista. this is because the method hash is different in XP and vista. Windows XP (and Windwos sbeelumnya, save passwords using the LM hash which tend to be more easily compromised, while the visa NTLM hash method, which tends to be more secure. despite using rainbow tables, still need a resource table that is adequate to hack vista password. oia, table size is also large enough loh:) * well no pain no gain.
for windows XP, there are 2 versions of XP gratinya free fast the focus to the search speed, and XP free small resource-focused ntuk memor smaller. kecua this free table is enough to find the passwords of all combinations of numbers, lowercase and uppercase. while a special table and table-sized masing2 Germany 7.5 GB which is needed to find a password with a combination of symbols and special characters germany.
whereas for tables vista, free veri only available a table that can search kombinas based dictionary search and its variations. This table is good enough to look for common passwords diunakan laymen and not too long. for a larger set of tables, there are special vista that is capable of searching based on a combination of characters untu 8 character password combinations. table size of about 8GB, is to chart a more baeik again, armed with the ability to search for a combination of 9 characters until size 52 GB.
big enough? for those who are not involved in the field of security, mngkin. but for security auditors this table is quite useful ^ _ ^ like i said no pain no gain. registration table as if to say "NTLM hashes of course more difficult in the hack, but it can be done if mo sacrifice"
well, since this is to learn, guns have to buy a table, make a gratisa aja. XP is a very qualified to see the culture of people who use pass indo rarely complicated, try right-left-deh friend asked, there are that make pass make-symbol?that if also make pass for vista is a little drawback because of limitations tables abilities, but in indo is already enough searches and dictionary-based variation
tables can be downloaded at the site Ophcrack
okay, now time to get into the tutorial which I mean in this tutorial, because it is for the purpose of simplicity, I make Ophcrack 3.1 that already make a GUI (pan uda mo make an appointment if GUI. for the test bed I make OS backtrack 3 that I boot from USB FD. oia, because Ophcrack make QT GUI, so backtrack I'll add the QT module can walk, I can read in previous post. for those who want ribet ga can download Ophcrack liveCD available in sitenya. in sie download also available application windows version, times aja want to hack the admin password using that for computer lab which incidentally are usually already in the lock so can not boot from cd or USB
