System Hacking - p.6

Lab  5

Extracting SAM Hashes Using PWdump7 Tool

Pn ׳dump7 can also be used to du/uppmtectedpiles You can always copy a used'ft/e b)[just executing
pnduffp7.exe -dc\lakedf11e.dat backjip-hxhdfiledot Icon key

Lab Scenario

Passwords are a big part ot this modern generation. You can use the password for your system to protect the business or secret information and you may choose to limit access to your PC with a W indows password. These passwords are an important security layer, but many passwords can be cracked and while
that is worry, tliis clunk in the armour can come to your rescue. By usingpassword cracking tools or password cracking technologies that allows hackers to steal password can be used to recover them legitimately. in order to be an expert ethical hacker and penetration tester, you must understand how to crack administrator passwords. in tins lab, we discuss extracting the user login password hashes to crack the password.

Lab Objectives

Tins lab teaches you how to:
■ Use the pwdump7 tool
■ Crack administrator passwords

Lab Environment

To carry out the lab you need:
■ Pwdump7 located at D:\CEH-Tools\CEHv8 Module 05 System Hacking\Password Cracking Tools\pwdump7
■ Run tins tool on Windows Server 2012
■ You can also download the latest version of pwdump7 from the link http:/ /www.tarasco.org/security/pwdump 7 / 111dex.html
■ Administrative privileges to run tools

■ TCP/IP settings correctly configured and an accessible DNS server
■ Run this k b in Windows Server 2012 (host machine)

Lab Duration

Time: 10 Minutes

Overview of Pwdump7

Pwdump7 can be used to dump protected tiles. You can always copy a used file just by executing: pwdump7.exe -d c:\lockedf11e.dat backup-lockedf11e.dat. Icon key

Lab Tasks

1. Open the command prompt and navigate to D:\CEH-Tools\CEHv8 Module 05 System Hacking\Password Cracking Tools\pwdump7.
2. Alternatively, you can also navigate to D:\CEH-Tools\CEHv8 Module 05 System Hacking\Password Cracking Tools\pwdump7and right-click the pwdump7 tolder and select CMD prompt here to open the
command prompt.

FIGURE 5.1: Command prompt at pwdump7 directory

3. Now type pwdump7.exe and press Enter, which will display all the password hashes

FIGURE 5.2: pwdump7.exe result window

4. Now type pwdump7.exe > c:\hashes.txt 111 the command prompt, and press Enter.
5 Tins command will copy all the data ot pwdump7.exe to the c:\hashes.txt file. (To check the generated hashes you need to navigate to the C: drive.)

FIGURE 5.3: hashes.txt window

Lab Analysis
Analyze all the password hashes gathered during die lab and figure out what die password was.

Questions
1. What is pwdump7.exe command used for?
2. How do you copy the result of a command to a file?