How to use John the Ripper Tutorial and Pwdump7

In Microsoft Windows, local user account names and password hashes are stored in a registry hive file called SAM. The SAM file lives in "%systemroot%\system32\config"; on older versions (up to Windows XP) a backup copy is also kept in "%systemroot%\repair".

To recover Windows 10 local account passwords we will use two tools: Pwdump7 to dump the password hashes out of the SAM, and John the Ripper to crack them. This John the Ripper tutorial keeps things simple so that a beginner can follow it.

On Windows 10, and on every version back to Windows NT 4.0 SP3 (where syskey was optional; it is on by default from Windows 2000 onward), the SAM file cannot simply be opened and read: the running system holds it open exclusively, and the hashes inside it are additionally encrypted with the syskey (boot key) kept in the SYSTEM hive. This post shows how to get the hashes out anyway and crack them.

You may be wondering what SAM stands for.

It expands to Security Accounts Manager; it stores the user credential information.

Requirements:

1. Pwdump7: (Download)

2. John the Ripper. (Download)

Procedure:

Step 1. You need administrative privileges. Open a command prompt as administrator, change into the directory where pwdump7 is present and run it. It prints one line per local account in pwdump format: username:RID:LM hash:NT hash:::

Step 2. After all the hashes are displayed in the command prompt window, right-click the title bar, choose Edit > Mark and select the output, then right-click the title bar again and choose Edit > Copy. Paste the text into a text editor and save it. Here I have saved it as pw-hash.txt.

Step 3. Having downloaded John the Ripper, change into John's run directory (C:\JOHN\RUN in this example) and run the command described in Step 4.

Step 4. The command used is "C:\JOHN\RUN>john-386 C:\pw-hash.txt --users=Administrator"; the general form is "john-386 [hash file path] --users=[username]". Here the hash file path is "C:\pw-hash.txt" and the username is "Administrator", so John only tries to crack the Administrator account's hash. With no mode option given, John runs its default sequence: single-crack mode, then the bundled password.lst wordlist, then incremental (brute-force) mode.

You can also omit --users, as in "C:\JOHN\RUN>john-386 C:\pw-hash.txt", so that John tries every account in the file. Note that each pwdump line carries both an LM and an NT hash field: John 1.7 loads the LM hashes by default, and cracking the NT hashes needs the jumbo build with --format=NT. On Windows Vista and later the LM field is the constant aad3b435b51404eeaad3b435b51404ee by default, which means no LM hash is stored at all and only the NT hash can be attacked.

If you have a wordlist, you can use John's wordlist mode as well (the binary is john-386 on the Windows build used above):

john --wordlist=password.txt pw-hash.txt
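To make concrete what John does with the pw-hash.txt produced above, here is an added example written for this page (it is not code from the original post or from the John the Ripper project). It parses pwdump7-format lines, hashes each wordlist candidate the way Windows computes the NT hash (MD4 over the UTF-16LE password), matches the digests against the dump, and supports the same kind of --users filter. The sample dump lines, the wordlist and the account names in them are constructed for the demonstration; MD4 is implemented inline because hashlib's MD4 is disabled in many current OpenSSL builds.

```python
import struct
from typing import Dict, Iterable, List, Optional

# Assumptions for this added example (not from the original post):
# - Input is pwdump-format text as printed by pwdump7: user:RID:LMhash:NThash:::
# - Only NT hashes are attacked (MD4 over the UTF-16LE password); LM is skipped.
# - The sample lines and the wordlist below are constructed for the demo.

EMPTY_LM = "aad3b435b51404eeaad3b435b51404ee"   # LM field when no LM hash is stored
MASK = 0xFFFFFFFF


def _lrot(x: int, n: int) -> int:
    x &= MASK
    return ((x << n) | (x >> (32 - n))) & MASK


def md4(data: bytes) -> bytes:
    """Pure-Python MD4 (RFC 1320). hashlib's md4 is disabled in many OpenSSL 3 builds."""
    msg = bytearray(data) + b"\x80"
    while len(msg) % 64 != 56:
        msg += b"\x00"
    msg += struct.pack("<Q", (len(data) * 8) & 0xFFFFFFFFFFFFFFFF)
    state = [0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476]
    f = lambda x, y, z: (x & y) | (~x & z)
    g = lambda x, y, z: (x & y) | (x & z) | (y & z)
    h = lambda x, y, z: x ^ y ^ z
    rounds = [
        (f, 0x00000000, (3, 7, 11, 19), list(range(16))),
        (g, 0x5A827999, (3, 5, 9, 13), [0, 4, 8, 12, 1, 5, 9, 13, 2, 6, 10, 14, 3, 7, 11, 15]),
        (h, 0x6ED9EBA1, (3, 9, 11, 15), [0, 8, 4, 12, 2, 10, 6, 14, 1, 9, 5, 13, 3, 11, 7, 15]),
    ]
    for off in range(0, len(msg), 64):
        x = struct.unpack("<16I", msg[off:off + 64])
        a, b, c, d = state
        for func, k, shifts, order in rounds:
            for i, idx in enumerate(order):
                a = _lrot(a + func(b, c, d) + x[idx] + k, shifts[i % 4])
                a, b, c, d = d, a, b, c          # rotate so the next step updates the next word
        state = [(s + v) & MASK for s, v in zip(state, (a, b, c, d))]
    return struct.pack("<4I", *state)


def nt_hash(password: str) -> str:
    """Windows NT hash: MD4 of the password encoded as UTF-16LE, hex-encoded."""
    return md4(password.encode("utf-16le")).hex()


def parse_pwdump(text: str) -> List[Dict[str, object]]:
    """Parse pwdump-format lines; malformed lines are skipped rather than aborting the run."""
    entries = []
    for line in text.splitlines():
        parts = line.strip().split(":")
        if len(parts) < 4 or not parts[0]:
            continue
        user, rid, lm, nt = parts[0], parts[1], parts[2].lower(), parts[3].lower()
        if len(nt) != 32:
            continue
        entries.append({"user": user, "rid": rid, "nt": nt, "lm_present": lm != EMPTY_LM})
    return entries


def crack(entries, wordlist: Iterable[str], users: Optional[set] = None) -> Dict[str, str]:
    """Wordlist attack on NT hashes, in the spirit of `john --wordlist=... --users=...`.

    Each candidate is hashed once and looked up against every target instead of
    re-hashing per account. The empty password is tried first: an NT field equal
    to nt_hash("") means the account simply has no password.
    """
    targets: Dict[str, List[str]] = {}
    for e in entries:
        if users is None or e["user"] in users:
            targets.setdefault(e["nt"], []).append(e["user"])
    found: Dict[str, str] = {}
    for candidate in [""] + list(wordlist):
        digest = nt_hash(candidate)
        for user in targets.pop(digest, []):
            found[user] = candidate
        if not targets:
            break
    return found


# Constructed sample in pwdump7's output format (not a real dump). Administrator's
# NT field is the hash of "password", Guest's is the hash of the empty string, and
# alice's is a filler value that matches nothing in the wordlist.
SAMPLE_PWDUMP = """\
Administrator:500:aad3b435b51404eeaad3b435b51404ee:8846f7eaee8fb117ad06bdd830b7586c:::
Guest:501:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
alice:1001:aad3b435b51404eeaad3b435b51404ee:0123456789abcdef0123456789abcdef:::
"""
WORDLIST = ["letmein", "Winter2010", "password", "P@ssw0rd"]  # constructed

if __name__ == "__main__":
    entries = parse_pwdump(SAMPLE_PWDUMP)
    for e in entries:
        print(f"{e['user']:<14} RID={e['rid']:<5} LM stored: {e['lm_present']}")
    for user, pw in crack(entries, WORDLIST).items():
        print(f"cracked {user}: {pw!r}")
```

Run it with python3 and it reports which accounts were cracked. The lm_present flag is the check worth doing first on a real dump: when every LM field is aad3b435b51404eeaad3b435b51404ee, as on Vista and later by default, there is no LM hash to attack and John has to be pointed at the NT hashes.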

If you find this post useful, do drop a comment; it will be appreciated.
Reviewed by Satyajit (Admins, a.k.a. Satosys) on Wednesday, October 20, 2010

9 comments:

Usi@Hacking said...

Hey, is there any solution if we don't have access to anything on the PC, meaning no admin access at all?

Satyajit (Admins,a.k.a Satosys) said...

Yeah, you can go for "Metasploit"... it's a pretty good option... :)

Thanks for visiting.... :)

Shabnam Sultan said...

Very useful one :) will try it.

Satyajit (Admins,a.k.a Satosys) said...

@Shabnam Thanks, I'm glad you liked it... :) Keep visiting.

Sohbet said...

Thanks, very useful.

Jimmy said...

Nice tip... thanks for sharing it :-)

JT said...

This is really useful, thanks for pointing me in the right direction. I had forgotten a lot of this, but needed a refresher for my CEH.

Thanks
JT

Anonymous said...

Thanks a lot for the tutorial, it helps me out for the CEH certification.
But I'm stuck... how can I get hashes remotely?

irfan ayub said...

Please guide me.
