Dear All,

I want to decrypt some user accounts' passwords in NT4 registry on PDC. Is
there any module that helps in this regard? I can't do it with
Win32::TieRegistry. Please suggest me some possible ways..

Thanks in Advance

With regards
Raju

  • John Edwards at Sep 6, 2001 at 8:41 am
    Passwords are encrypted using a one way system, i.e., there is no way to
    unencrypt the password hash. You can use a brute force attack on the
    password (you encrypt your guesses at the password and then compare the
    encrypted hash you generated with the one in the SAM, if they match, then
    you've guessed the password...)

    If you need to do that (and there is no real reason why you would need to,
    if you need access to a user's account then as a domain admin you can change
    their password. If the user has forgotten their password, then give them a
    new one.) take a look at L0phtcrack

    John

    -----Original Message-----
    From: Veeraraju_Mareddi
    Sent: 06 September 2001 09:30
    To: beginners@perl.org
    Cc: perl-win32-admin@listserv.ActiveState.com
    Subject: Password decryption of User accounts From PDC registry
  • Veeraraju_Mareddi at Sep 6, 2001 at 9:18 am
    Dear All,

    I want to decrypt some user accounts' passwords in NT4 registry on PDC. Is
    there any module that helps in this regard? I can't do it with
    Win32::TieRegistry. Please suggest me some possible ways..

    Thanks in Advance

    With regards
    Raju
  • Nexus at Sep 6, 2001 at 11:40 am
    OK, there are a number of steps you need to take.
    First off, you need to grab the hashes from the registry but the key has
    SYSTEM only perms on it - as an admin you need to give admin read perms on
    HKLM/Security. Then grab the hashes out of there
    (HKLM/Security/SAM/Domains/Account/Users or something AFAIR, not having an
    NT box about ;-) The hashes are created in the following way :

    LANMAN hash
    If password < 14 chars pad with NULLs to 14 chars
    If password > 14 chars truncate it to 14 chars
    Convert password to uppercase
    Split password into two 7 char halves (What were they thinking ;-)
    Create an odd parity 8 byte DES key from both halves
    An 8 byte fixed value is encrypted with each key
    Concatenate the two values to form a 16 byte hash
    The fixed value that is encrypted with each of the DES keys is the
    decryption of the value 0xAAD3B435B51404EE with a key of all zeros (yes,
    that is a bit of an arse-about-face way of describing it, but once upon a
    time MS were talking about copyright issues with the actual value - well,
    so word has it ;-)

    NT Hash
    Convert password to Unicode
    MD4 hash it to 16 byte value

    One thing to watch is that the unicode conversion used does not set the last
    NULL byte, ie "A" is just 0x41 0x00 rather than 0x41 0x00 0x00 0x00. Have
    a look at the L0phtcrack source code from
    http://packetstormsecurity.org/Crackers/NT/l0phtcrack/lcsrc.zip and the
    PutUniCode function in util.c for the full details - everything you need is
    in that sourceball.

    Cheers.

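An added example, not part of the thread or of the L0phtcrack source: a defensive audit that uses only the properties described in the reply above (two independent 7-character halves, a fixed value encrypted under each key, no per-user salt) to flag weak entries in an exported hash list. The `user:rid:lm:nt:::` line layout, the finding labels and the sample records are assumptions constructed for illustration; the two constants are the LM output for an all-NULL half (the value quoted above) and MD4 of empty input.

```python
from collections import defaultdict

# LM output for a 7-char half that is all NULL padding (all-zero DES key).
EMPTY_LM_HALF = "aad3b435b51404ee"
# MD4 of zero bytes, i.e. the NT hash of an empty password.
EMPTY_NT_HASH = "31d6cfe0d16ae931b73c59d7e0c089c0"

# Constructed sample, assumed "user:rid:lm:nt:::" layout. Apart from the two
# constants above, the hash values are arbitrary hex, not real hashes.
SAMPLE = """\
alice:1001:0123456789abcdef0123456789abcdef:11111111111111111111111111111111:::
bob:1002:89abcdef01234567aad3b435b51404ee:22222222222222222222222222222222:::
carol:1003:aad3b435b51404eeaad3b435b51404ee:33333333333333333333333333333333:::
dave:1004:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
erin:1005:0123456789ABCDEF0123456789ABCDEF:11111111111111111111111111111111:::
"""

def audit(dump):
    """Return {user: [finding, ...]} for records that need attention."""
    findings = defaultdict(list)
    by_nt = defaultdict(list)
    for line in dump.splitlines():
        fields = line.strip().split(":")
        if len(fields) < 4 or len(fields[2]) != 32 or len(fields[3]) != 32:
            continue  # not a hash record in the assumed layout
        user, lm, nt = fields[0], fields[2].lower(), fields[3].lower()
        first, second = lm[:16], lm[16:]
        if (first, second) != (EMPTY_LM_HALF, EMPTY_LM_HALF):
            # A real LM hash is stored: uppercased, capped at 14 characters.
            findings[user].append("LM_STORED")
            if second == EMPTY_LM_HALF:
                # Second half was pure padding, so the password fits in 7.
                findings[user].append("LM_MAX_7_CHARS")
        if nt == EMPTY_NT_HASH:
            findings[user].append("BLANK_PASSWORD")
        by_nt[nt].append(user)
    # Neither construction is salted: equal hashes mean equal passwords.
    for users in by_nt.values():
        if len(users) > 1:
            for user in users:
                findings[user].append("SHARED_NT_HASH")
    return dict(findings)

if __name__ == "__main__":
    for user, issues in audit(SAMPLE).items():
        print(user, ", ".join(issues))
```

Accounts flagged `LM_STORED` are candidates for a password reset after LM hash storage has been turned off, since the stored LM value only changes when the password does.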

Discussion Overview
group: beginners @
categories: perl
posted: Sep 6, '01 at 8:35a
active: Sep 6, '01 at 11:40a
posts: 4
users: 3
website: perl.org