how to HACK a password // Windows Edition
Key Takeaways
This video demonstrates how to hack a password on Windows using tools like impacket secrets dump and Hashcat, and discusses mitigation techniques and security measures to prevent such attacks.
Full Transcript
in this video I'm gonna hack Michael's password on his Windows computer and I'm going to show you how it will involve grabbing his password hash and cracking it with tools from Kali Linux so we're gonna wait for him to go to the bathroom he normally leaves his computer unlocked which is really bad don't do that so we're gonna wait and watch and then we're gonna rush in there all right there he goes he's going to the bathroom all right this is our window come on come on come on let's go I forgot my comment okay okay now we can hack I must build it [Music] wait what no disclaimer what I'm about to show you is a real hacking technique and should only be used ethically meaning you have explicit permission and you're following all the rules and in this situation I'm Michael's boss so I make the rules so right now I do have full access to Michael's desktop but only for a moment if I want to have it forever I need to find his password but there is one problem though Windows doesn't just store his password plain text on the system it's stored inside a hash like most modern systems and applications when you set up a password they don't store that password the way you see it like this no they don't do that they take it and they put it through a hashing algorithm and in the case of Microsoft it's the md4 hashing algorithm so they hash it up to where it will look something like this and that's what they store as your password it's not your password it's a hashed version of it and when you try to log in they put that back through their little calculation algorithm thing their hash and if it spits out the same hash that they have stored you're in we want that hash we need it and while it won't immediately tell us his password it will we'll crack it and actually later I'll show you how we can just use the hash itself to do some pretty gnarly things it's kind of crazy now to get his hash it's found in a systems registry it's in two places let's get it real quick I'll go to my search bar and search for reg edit there it is right there notice I am getting a UAC prompt I do have to be administrator good news is Michael is an administrator here we're looking at the hkey local machine and we want the Sam and system Keys now I could export them here but we don't have time we have to hurry up so we're going to do a via command line I'm gonna launch my terminal as administrator and with one command I can grab them they'll be reg save specify the key hql M Sam and then I'll specify where to save it I'll just put it right here sam.save got it same thing for the system we'll grab system save that to system.save and we got it wait is that him all right I gotta be quick give you back at any time but I have to tell you how you can protect yourself from Bad passwords with Dashlane Dashlane is my password manager of choice and the sponsor of this video now I really hope that Michael has been using vashlane for his Windows password actually I kind of hope he has it it's gonna make my job so much harder to hack it now I love dashlamic if they make it really easy to create complicated hard to hack passwords for all your services and they'll tell you if it's not a good password and I'll make sure you have a unique password for everything that's probably the main reason people get hacked I'm really curious what Michael's password is we're gonna find out now honestly I should already know if Michael is using good passwords because I forced all of my employees to use Dashlane because I use it for my business I can look at their password scores make sure they're healthy and make sure their passwords aren't compromised on the dark web so check it out link below dashlane.com forward slash network chuck50 or you can use code Network shock 50 and you'll get 50 off don't be like Michael don't get hacked he's coming back soon okay let's let's get those going now all I gotta do is put this on a flash drive which I'm just not realizing I don't have I'll be right back let's go flash drive got one okay go go go go go go okay all right okay I'll open up my finder right here copy these two files save them to our flash drive or our external hard drive and we're good to go here I'm coming [Music] he doesn't even know what a sucker okay I've got him I'm gonna go plug them in my computer's my server room and there it is and there they are sam.save system.save I'm gonna take those copy and I'll paste them right here on my desktop bam there they are I'll jump to my desktop in my terminal CD desktop there's my two files now to get the hash out of these guys we're gonna use a tool called M packet Secrets dump that's a weird name it's built into Cali let's try it out and if you need to install it of course sudo apt let's just do a search before unpack it and you can find it pretty easily here's the command and pack it Secrets dump we'll do a dash Sam which is where Windows actually stores these ntlm hashes ntlm is their net logon manager it's it manages the password stuff and we'll specify our file sam.save and then we'll do Dash system and specify our system.save and local because we're parsing local files right here and let's try it out oh dude see all that there's a lot here let me uh make this more legible for you we have the hashes by the way we got the administrator hash and there's Michael right there the hash is actually right here this is what we need and we have it so I'm gonna grab this and save it create a file called hashes.txt paste it in there Ctrl X Y enter to save we got it now at this point we have the hash and we need to crack the password and if you've seen my password cracking video which if you haven't yet go check it out I detail a lot of what password cracking entails this is what it normally is you have a password hash and now we have to guess what the password might be for now if you recall from our example earlier we're kind of like Microsoft the Windows computer all we have is the hash and instead of waiting for a user to put the password in and go yep that's it we're gonna try a bunch of passwords like a lot and try and guess what the password is thankfully we have tools that can automate that and they'll be able to tell us what the right password is but we got to do a few things to make it work first we'll need a list of passwords that could be Michael's password and when I see a list I mean like thousands probably 20 000 passwords how do we do that there's a tool for it I'll show you here in a second but what we're doing here getting a list of passwords and trying them all with the tool that's called a dictionary attack and it's what most password crackers hackers use so when you hear about a data breach and people you know have their emails and their passwords compromised it's normally an email address and a password hash and these hackers will do what I'm doing right now get a bunch of well-known passwords or randomly generated passwords and just start going at it automate it let's try it real quick now to generate our list of passwords we're going to use a tool called cup which is really really fun check it out let's see if I have it installed nope do I want to install it sure yes cool that was easy so what we'll do here is Type in cup Dash I for interactive mode and what this will do is ask us questions about our Target name date birth date significant other Hobbies keywords it will use that information to generate a random list of passwords well not so Random so let's try it out first name Michael surname wall nickname my cool it won't do birthday partner's name Amanda Panda Asher pet's name Bree company name Network shock don't want some keywords sure let's do um Beatles he likes the Beatles summer 2023 monkeys Bible Jesus okay I think we're good special characters sure yeah let's do that leap mode don't know what that is saying no okay see that that was so fast it just generated 17 000 words and put it inside a file called michael.txt let's um let's cap that real quick cat michael.txt look at all that possible passwords that he might have so now let's see if he has that password for this we're gonna use a very popular cracking tool password cracking tool called hash cat I go deeper into how to use this in my password hacking video so we'll start a command we'll do a sudo hash cat we'll do a dash M to specify a hash type we're doing ntlm so it'll be 1000 that's again what Windows uses I know this from reading the man page then we'll specify our hashes we created a hash file called hashes.txt with Michael's hash in it and then finally our dictionary our word list michael.txt let's see how this works Ready set go 17 000 passwords let's try it okay there we go status cracked let's do that same command and we'll do a dash dash show and it should output for us the hash and the password in its database okay there it is that should be his password so we have his hash we have his password now what do we do we hack him when we get in we can use tools like evil Dash winrm which is as fun as it sounds we'll do a dash I specify his IP address now I do happen to know this because he's here at my office right and I could have figured that out doing ipconfig while I was at his computer so that's his IP address do username Michael Dash p I'll put in that password we found and let's see what happens shell right there who am I I'm Michael I'm in his computer right now yep that's his IP address that's a Windows machine pretty crazy right we can do something better let me exit out of there we can uh RDP with a tool x free RDP do a forward slash B for the computer forward slash shoot for the user password and that should be all I need let's try it out seems to be working [Laughter] got him how cool is that though now let me show you something crazier we cracked the password and I happen to know Michael so I could have generated that list and and you know had a pretty good list of passwords but we don't need it check it out our same command before evil win RM we could just do a dash H let me open up a new terminal and uh grab that real quick we'll grab that hash oh wait that's not a it's a capital h did you see that I logged in with the hash not even the password that's kind of crazy right it's called past the hash and we can do the same thing with the RDP sync command as before but instead of Dash or slash P we'll do a pth for past the hash paste the hash there there's a fly in here get out of here fly look it worked how amazing is that oh I lost it try it again we're back in he's gotta be freaking out right now so what I just showed you is how you can get a hash from a Windows computer and figure out the password from the hash or just use the hash itself to get access to a bunch of stuff it's kind of crazy it's powerful it's really fun but now let's move on to the defensive side of things let's talk about mitigation and this is actually good news for security people because the method I used here is already documented pretty well in the miter meter framework OS credential dumping with Security account manager sorry this flies driving me nuts you'll notice that hey we're dumping the same keys that they're mentioning so it's documented and they're even saying the tools that we may have used Secrets dump what but what's cool is they do offer mitigations disabling or restricting in tlm putting in password policies user training and they also give you detection stuff like you actually detect when people are doing stuff with their registry keys so that's good news and also full disclosure we had to do a few things to Michael's PC to make this work disable certain security features that prevented us from doing things now we did get the hash no problem we didn't have to do anything for that but in order for me to do the win RM command giving me a Shell I had to disable his firewall the Windows Firewall in order for me to do the RDP same thing firewall I also had to enable remote desktop and add Michael to the allowed users to access remote desktop and how to disable a setting in the registry called disable restricted admin which is a flawback in Windows 8 that they had to fix so we did have to do a few things to make it work so if you try to do this yourself you're like uh I'll put some information down below how you can like do this yourself with your own little lab it's pretty fun but just know default security posture of Windows is pretty good now it doesn't mean that what I've done here cannot be done by a pretty good hacker or that a user may just have computer that's wide open so I hope this video you saw another window into Windows of how vulnerable we kind of are but also how secure we are as well and also I wanted to address something because back in my password hacking video you know I talked about oh wait we can we can crack hashes but you're the number one question I got was how do you get those hashes well in this video I showed you how you could get those hashes at least a potential way and by the way I've only scratched the surface of what you can do here this is a very basic example a basic demo there's a whole big world to this that's all I got I'll catch you guys later
Original Description
Create passwords I can’t hack with Dashlane (unlike Michael): https://dashlane.com/networkchuck50 (50% off) with code NETWORKCHUCK50
It is surprisingly easy to hack a password on Windows. In this video, NetworkChuck will demonstrate how you can grab a password hash from a Windows computer and reveal the passwords with a tool called impacket secrets dump. Once we have the hash, we can use a password cracking tool called Hashcat (a popular tool in Kali Linux), to crack the password.
VIDEO HELP
---------------------------------------------------
Mitigation Techniques: https://attack.mitre.org/techniques/T1003/002/
SECURITY MEASURES YOU NEED TO DISABLE TO USE ALL FEATURES IN THIS VIDEO
-Disable “DisableRestrictedAdmin” (this allows winrm and rdp access with a hash): reg add HKLM\System\CurrentControlSet\Control\Lsa /t REG_DWORD /v DisableRestrictedAdmin /d 0x0 /f
-Turn off Windows Firewall
-Enable RDP and add user to RDP users group
🔥🔥Join the NetworkChuck Academy!: https://ntck.co/NCAcademy
**Sponsored by Dashlane
SUPPORT NETWORKCHUCK
---------------------------------------------------
➡️NetworkChuck membership: https://ntck.co/Premium
☕☕ COFFEE and MERCH: https://ntck.co/coffee
Check out my new channel: https://ntck.co/ncclips
🆘🆘NEED HELP?? Join the Discord Server: https://discord.gg/networkchuck
STUDY WITH ME on Twitch: https://bit.ly/nc_twitch
READY TO LEARN??
---------------------------------------------------
-Learn Python: https://bit.ly/3rzZjzz
-Get your CCNA: https://bit.ly/nc-ccna
FOLLOW ME EVERYWHERE
---------------------------------------------------
Instagram: https://www.instagram.com/networkchuck/
Twitter: https://twitter.com/networkchuck
Facebook: https://www.facebook.com/NetworkChuck/
Join the Discord server: http://bit.ly/nc-discord
AFFILIATES & REFERRALS
---------------------------------------------------
(GEAR I USE...STUFF I RECOMMEND)
My network gear: https://geni.us/L6wyIUj
Amazon Affiliate Store: htt
Watch on YouTube ↗
(saves to browser)
Sign in to unlock AI tutor explanation · ⚡30
Playlist
Uploads from NetworkChuck · NetworkChuck · 0 of 60
← Previous
Next →
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
Network Chuck
NetworkChuck
Should I Use a Brain Dump on my CCNA/CCNP/MCSA Exam?
NetworkChuck
7 CCNA CCNP Study Tips for the New Year - 2017!!
NetworkChuck
CUCM Calling Search Spaces and Partitions: Explained with Star Wars
NetworkChuck
CCNA or COLLEGE? - Become a Network Engineer
NetworkChuck
How to Stop Procrastinating and Study for Your CCNA CCNP
NetworkChuck
Am I Smart Enough to Be a Network Engineer? - CCNA | CCNP Study
NetworkChuck
CCNA or Python? | Should I Become a Network Engineer or a Programmer?
NetworkChuck
CompTIA or Cisco? - Should I get the CompTIA A+/Network+ OR the Cisco CCNA/CCENT - Microsoft MCSA?
NetworkChuck
CBT Nuggets GIVEAWAY!! - Get Your CCNA, MCSA, VCP, Security+
NetworkChuck
3 Cisco CLI (Command-line) Hacks (CCNA) + CBT Nuggets WINNER ANNOUNCEMENT!!
NetworkChuck
Programmers Becoming Network Engineers? - Collab with SimpleProgrammer
NetworkChuck
Learning Python is HARD!! - CCNA | CCNP Network Engineer
NetworkChuck
You CAN Learn Python - 10 WINNERS!! - CCNA | CCNP Network Engineer
NetworkChuck
Is it still WORTH IT to become a Network Engineer? | CCNA CCNP
NetworkChuck
Should I Learn LINUX with the CCNA | CCNP? - Network Engineer
NetworkChuck
Am I Too OLD to Become a Network Engineer? Study for CCNA | CCNP?
NetworkChuck
How Much Money Do Network Engineers Make? - CCNA | CCNP
NetworkChuck
How Long Does It Take to Become a Network Engineer? - CCNA | CCNP
NetworkChuck
Network Engineer or Systems Engineer? CCNA or MCSA? VCA?
NetworkChuck
CCNA Exam: 2 Exams or 1? - ICND1 (CCENT) + ICND2 or CCNA Composite?
NetworkChuck
I am officially a CBT Nuggets Trainer!! - NetworkChuck
NetworkChuck
7 CCNA CCNP Study Tips for the New Year - 2018!! w/ Keith Barker CCIE
NetworkChuck
Is NetworkChuck Over!?!?!
NetworkChuck
Hack a Cisco Switch with a Raspberry Pi - CCNA Security - CCNP Security - Network+
NetworkChuck
STOP Buying IT Certification Books - CCNA | CCNP | A+ | Network+
NetworkChuck
I'm going to Cisco Live!!! - CiscoLIVE 2018 Orlando
NetworkChuck
How to become a DEVOPS Engineer feat. Shawn Powers | Linux+ | LPIC-1
NetworkChuck
Moving my HOME NETWORK to a DATA CENTER w/ DMVPN - CCNA | CCNP
NetworkChuck
The FUTURE of Information Security Engineers - Cisco Security Automation (DNA CENTER)
NetworkChuck
Network Engineers and AWS (Amazon Web Services) FEAT. Anthony Sequeira | CCNA | CCENT
NetworkChuck
Do You Need IT Certifications to Get Started in IT? ft. Jeremy Cioara
NetworkChuck
What's next for NetworkChuck? *UPDATE* | CCNA | CCNP | Network Automation
NetworkChuck
HOW to Start Coding (RIGHT NOW!) as a Network Engineer - ICND1 | CCNA CCNP & Intent-Based Networking
NetworkChuck
6 STEPS to IT CAREER SUCCESS!! - ft. Kevin Wallace | CCNA | CCNP | CCIE | Network+
NetworkChuck
What is SD-WAN? say GOODBYE to MPLS, DMVPN, iWAN... w/ SDN, Cisco and Viptela
NetworkChuck
What if you forgot EVERYTHING? - Re-Learning IT after MEMORY LOSS w/ Shawn Powers | Linux | CCNA
NetworkChuck
I (FINALLY!) Scheduled Cisco CCNP Certification Exam TSHOOT | 300-135
NetworkChuck
NetworkChuck 10 Days of Christmas 2018 - CBT Nuggets | David Bombal | Kevin Wallace (and more!!)
NetworkChuck
How To get a JOB with a CCNA (Network Engineer) | CCNA Routing and Switching
NetworkChuck
The ONE Skill You NEED in IT - Information Technology
NetworkChuck
Should I start Learning AWS?? - NetworkChuck AMA - Ask Me Anything
NetworkChuck
Using Arduino, Raspberry Pi and Python to Monitor Cisco Router - #DEVNET CCNA
NetworkChuck
Fighting IMPOSTER SYNDROME in Information Technology - Network Engineer | System Engineer | CCNA
NetworkChuck
Planning for 2019 - Information Technology Goals - CCNA | AWS | MCSA
NetworkChuck
CompTIA or Cisco? - Revisiting CCENT vs Network+ in 2019 | CCNA | MTA | MCSA
NetworkChuck
5 Reasons You Shouldn't Become a Network Engineer | CCNA | Information Technology
NetworkChuck
No Future for Network Engineers? - CCNA | CCNP
NetworkChuck
What is a VMware Engineer? | VMware Certified Professional - VCP | MCSA | CCNA
NetworkChuck
you didn't win...
NetworkChuck
Let's QoS My Home Network - LIVE NUGGET (Quality of Service) - CCNA - CCNP Collaboration
NetworkChuck
I PASSED THE TSHOOT EXAM!! - CCNP TSHOOT (I also failed)
NetworkChuck
David Bombal and NetworkChuck - This is IT! EP 1 | Azure, CiscoLIVE, Devnet
NetworkChuck
CCNA Lab in the Azure Cloud for FREE! - GNS3 Setup in Microsoft Azure
NetworkChuck
Get your CCNA in 2019
NetworkChuck
CCNA Cyber Ops vs CCNA Security
NetworkChuck
WI-FI 6, Why it's the BIGGEST update to Wi-Fi EVER! - 802.11ax
NetworkChuck
2 Steps to Getting Started in Networking (and IT!) | CCENT | CompTIA A+
NetworkChuck
HACK your IT Study Habits - CCENT - CCNA - A+ | Atomic Habits
NetworkChuck
Is MPLS DEAD?!? w/ Keith Barker and Jason Gooley | CCNA CCNP CCIE
NetworkChuck
More on: Security Basics
View skill →Related Reads
📰
📰
📰
📰
Social Discovery Group’s Announcement: A Communication That Raises Questions About Transparency and…
Medium · Cybersecurity
Adobe Producer Spoofing: A PDF Metadata Forgery Case Study
Dev.to · Iurii Rogulia
Today's the Deadline: Three Separate CISA Patch Orders Just Collided on the Same Weekend
Dev.to · Fabio Baensch
How Anthropic Could Have Prevented the “Claude Gift Fraud” With Security 101
Medium · Cybersecurity
🎓
Tutor Explanation
DeepCamp AI