Bay 12 Games Forum


Author Topic: Password Breaker  (Read 6805 times)

Cthulhu

  • Bay Watcher
  • A squid
Re: Password Breaker
« Reply #15 on: March 13, 2010, 05:52:41 pm »

More than that matters. There's also the strength of the password to consider.

If Windows is storing a legacy LM hash (old LANManager crap, it's really bad), and you can do it that way, brute-forcing is hilariously simple.

There are definitely tools to recover a Windows admin password, but I'm honestly not sure what's out there that's decent and legitimate.


So half that to a quarter.

500 million years or one billion.  Have fun.

That's not how math works. A 10-character password takes EXPONENTIALLY shorter time to crack than a 20-character password. Same with case-sensitive vs. all-lowercase.

Let me put it to you this way.

Say you have a 10-character password, and you want to consider all uppercase and lowercase letters.
Number of possibilities = (26*2)^10 = 52^10 = 144,555,105,949,057,024
But what if you know they're all lowercase?
Number of possibilities = 26^10 = 141,167,095,653,376

So it's not 1/2 the possibilities, it's 1/1024 the possibilities. There's a big difference between 2 and 1024.


Now let's compare the difference between a 20-char long, case-sensitive password and a 10-char long, only-lowercase password.

(52)^20 = 20,896,178,655,943,101,411,324,274,803,736,576
(26)^10 = 141,167,095,653,376

One is 148,024,428,491,834,392,576 greater than the other.


For a 10-character-long password, only lowercase, brute-forcing still takes a hideously long time.

Probability of any given password being wrong: ((26^10) - 1)/(26^10)
Probability of you never getting it right within N tries: [((26^10) - 1)/(26^10)]^N

So for a 50% chance to have gotten it right:

[((26^10) - 1)/(26^10)]^N = 0.50
N ~= 100,000,000,000,000

At 50 tries per second, that's about 63,419 years. Still a damn long time, but certainly not 500,000,000,000.


Now, if you do 50 tries per second on 50 computers, just as an exercise... that's (50*50) = 2500 tries per second. At this rate, it's only a little over a millennium! (about 1268 years).

Of course, my numbers could be off. 50 computers trying 10000 times per second might do it in your lifetime. If you're lucky.



Again, this is just straight brute-forcing. Rainbow tables are something completely different, and one may exist, and if the computer is storing an LM hash of the password, and you can use that, then all bets are off, because those suck beyond belief.

Yeah, I know, I wasn't thinking.

You could brute force the computer with your fists.  If you punch it enough it might start working.
Logged
Shoes...

Aqizzar

  • Bay Watcher
  • There is no 'U'.
Re: Password Breaker
« Reply #16 on: March 13, 2010, 05:54:14 pm »

GIANT FUCKING QUOTE BOXES

Can anyone figure out another way?

Yes.  Remember your damn password.  Have you actually tried just sitting there and thinking about it?  Try to visualize some context clues?  Because it's sounding more and more like you didn't forget any password, and just want someone to hand you a +1 Wand of Hacking.
Logged
And here is where my beef pops up like a looming awkward boner.
Please amplify your relaxed states.
Quote from: PTTG??
The ancients built these quote pyramids to forever store vast quantities of rage.

G-Flex

  • Bay Watcher
Re: Password Breaker
« Reply #17 on: March 13, 2010, 05:55:39 pm »

Well,  I was giving times it would take to have a 50% probability of finding it.

And yeah, 8-letter passwords are going to be a lot quicker. That would still take decades, though, unless you're doing thousands of checks per second.


http://en.wikipedia.org/wiki/LAN_Manager_hash

This is what I was referring to earlier. If you're using XP or earlier, there's probably one there for your password.

The issue with LM hashes is that they're not salted (meaning a rainbow table attack is feasible; basically, look on a giant table of hashes, find yours, and you'll see a password that matches it that you can use), they're single-case alphabetical, and the password is split into 7-character segments that can be cracked individually.

Of course, I could be way off on my times. I probably am, because I'm assuming what is probably a very low number of calculations per second. With enough calculations per second, even on a single computer it could wind up just taking hours instead of days or months or what-have-you.


Seriously though, there are rainbow-table based cracking methods that can get through an LM-hashed password in minutes, if that. There's an implementation of it referred to in that Wikipedia article.



[EDIT]

http://en.wikipedia.org/wiki/Ophcrack
http://ophcrack.sourceforge.net/

Here you are. Have fun.

You can burn this to a bootable CD and do what you will from there. Please use these powers for good and not evil.
« Last Edit: March 13, 2010, 06:09:07 pm by G-Flex »
Logged
There are 2 types of people in the world: Those who understand hexadecimal, and those who don't.
Visit the #Bay12Games IRC channel on NewNet
== Human Renovation: My Deus Ex mod/fan patch (v1.30, updated 5/31/2012) ==

Schilcote

  • Bay Watcher
Re: Password Breaker
« Reply #18 on: March 13, 2010, 06:15:48 pm »

http://pogostick.net/~pnh/ntpasswd/

You just write that ISO to a disc, then slip it in and boot off of it. Piece of cake. It works on everything Vista and earlier, don't know about later versions because I haven't tried it.

Umm...

There seems to be some curse upon me that makes my posts invisible on all forums that I join.
Logged
WHY DID YOU HAVE ME KICK THEM WTF I DID NOT WANT TO BE SHOT AT.
I dunno, you guys have survived Thomas the tank engine, golems, zombies, nuclear explosions, laser whales, and being on the same team as ragnarock.  I don't think something as tame as a world ending rain of lava will even slow you guys down.

G-Flex

  • Bay Watcher
Re: Password Breaker
« Reply #19 on: March 13, 2010, 06:34:55 pm »

I think I skipped over some of the beginning of the thread. Whoops.

That is, however, a different tool: The one you linked to doesn't crack the password, it just resets it. This might have disadvantages.
Logged
There are 2 types of people in the world: Those who understand hexadecimal, and those who don't.
Visit the #Bay12Games IRC channel on NewNet
== Human Renovation: My Deus Ex mod/fan patch (v1.30, updated 5/31/2012) ==

Fooj

  • Bay Watcher
Re: Password Breaker
« Reply #20 on: March 13, 2010, 07:13:29 pm »

Quote
The one you linked to doesn't crack the password, it just resets it. This might have disadvantages.
I've used a Linux live CD that surgically removes the password and resets it. If you've got any encrypted files that can only be viewed by the admin (if you made the admin My Documents private) it will ruin them, but you'll still get into the admin account.
Logged

G-Flex

  • Bay Watcher
Re: Password Breaker
« Reply #21 on: March 13, 2010, 08:04:41 pm »

Yeah, that's the tradeoff, really: Anything else using that admin password will have problems. Aside from that, it'll still work.

Presuming the one I linked to works, it should be fine in all cases.
Logged
There are 2 types of people in the world: Those who understand hexadecimal, and those who don't.
Visit the #Bay12Games IRC channel on NewNet
== Human Renovation: My Deus Ex mod/fan patch (v1.30, updated 5/31/2012) ==

Blacken

  • Bay Watcher
  • Orange Polar Bear
Re: Password Breaker
« Reply #22 on: March 13, 2010, 10:30:00 pm »

Trust me, wracking your brain for the code is going to work a Hell of a lot faster than hotboxing your way in.
Only sometimes. Ophcrack will blow open most passwords in under a couple hours. Hooray for rainbow tables.

John the Ripper's another decent choice.

(Then again, it sounds a lot like he's looking for something for remote password access or something--i.e., not his own machine.)
Logged
"There's vermin fish, which fisherdwarves catch, and animal fish, which catch fisherdwarves." - Flame11235

Jookia

  • Bay Watcher
Re: Password Breaker
« Reply #23 on: March 13, 2010, 10:48:15 pm »

The point of a password is for it not to be crackable easily.
You can't recover this password.
Logged

Schilcote

  • Bay Watcher
Re: Password Breaker
« Reply #24 on: March 13, 2010, 11:43:45 pm »

Yeah, that's the tradeoff, really: Anything else using that admin password will have problems. Aside from that, it'll still work.

Presuming the one I linked to works, it should be fine in all cases.

Oh... Didn't know that...

If you're using a named account though (not Administrator), you can use that to open it and reset your password. That should take care of all your other things too. If the Administrator account is the one you've locked yourself out of I guess you should use Ophcrack.
Logged
WHY DID YOU HAVE ME KICK THEM WTF I DID NOT WANT TO BE SHOT AT.
I dunno, you guys have survived Thomas the tank engine, golems, zombies, nuclear explosions, laser whales, and being on the same team as ragnarock.  I don't think something as tame as a world ending rain of lava will even slow you guys down.

Strife26

  • Bay Watcher
Re: Password Breaker
« Reply #25 on: March 13, 2010, 11:59:09 pm »

Seriously, in the future remember your passwords.

In my case, I have about three passwords, that I just mix and match. Then I write down oblique hints to myself.

Like "BurningBayNormcap2-##fav"

Gets me a 17 digit password with letters, numbers, and symbols.



Note, I'm pretty sure that that's the password for my online banking account, so don't mess with it, okay?
Logged
Even the avatars expire eventually.

Blacken

  • Bay Watcher
  • Orange Polar Bear
Re: Password Breaker
« Reply #26 on: March 14, 2010, 01:44:28 am »

The point of a password is for it not to be crackable easily.
You can't recover this password.
Provably false, in the post just above yours. Both JtR and Ophcrack are designed specifically for this purpose.
Logged
"There's vermin fish, which fisherdwarves catch, and animal fish, which catch fisherdwarves." - Flame11235

Greiger

  • Bay Watcher
  • Reptilian Illuminati member. Keep it secret.
Re: Password Breaker
« Reply #27 on: March 14, 2010, 03:02:03 pm »

I heard something about booting up to something like Linux off of a USB drive allows you to access all your files.  Using that in conjunction with another program may be able to decrypt the password.

My A+ hardware and operating systems teacher claims that Windows security blows horribly.  And told the class some method or another on how to bypass it.  But he was pretty much just in one of his anti-Microsoft rants so I wasn't really paying attention to remember it all.

You might be able to try the stickykeys method. (Hold a key down long enough for stickykeys to activate while on the login screen and have stickykeys give you access to control panel.)  But I think that only worked with a certain version of Vista.
Logged
Disclaimer: Not responsible for dwarven deaths from the use or misuse of this post.
Quote
I don't need friends!! I've got knives!!!

G-Flex

  • Bay Watcher
Re: Password Breaker
« Reply #28 on: March 14, 2010, 03:08:45 pm »

The point of a password is for it not to be crackable easily.
You can't recover this password.
Provably false, in the post just above yours. Both JtR and Ophcrack are designed specifically for this purpose.

And in at least two other posts before that.

Granted, this isn't to say that passwords should be easily recovered/cracked, but obviously in some cases they are.
Logged
There are 2 types of people in the world: Those who understand hexadecimal, and those who don't.
Visit the #Bay12Games IRC channel on NewNet
== Human Renovation: My Deus Ex mod/fan patch (v1.30, updated 5/31/2012) ==

Grakelin

  • Bay Watcher
  • Stay thirsty, my friends
Re: Password Breaker
« Reply #29 on: March 14, 2010, 03:18:43 pm »

How are you guys getting the probability of these figures? I'm no math student, so I can't figure it out myself (I've been trying 26*25*24*23 like I learned in Grade 11, the last year I ever touched math, but that's tedious and leaves me to flounder a lot. Also, it's incorrect).

There seems to be an assumption that the brute force script has to get through every possible password combination before finding the right one. But if it finds it, it's not going to neglect to tell you about it until it's done (unless the programmer has left you with a sick, sick joke). So, technically, it will only take you until the universe dies if you're terribly unlucky. Instead, you have a very minute chance (which builds up bit by bit over time) that you will get the correct password with every try.

Granted, you are still likely to die before it does.
Logged
I am have extensive knowledge of philosophy and a strong morality
Okay, so, today this girl I know-Lauren, just took a sudden dis-interest in talking to me. Is she just on her period or something?
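Added example (not part of any post in the thread): the arithmetic behind the figures in replies #15 and #29, plus the effect of hashing a password in independent 7-character chunks as reply #17 describes for LM hashes. The function names are this example's own, and the 26-letter alphabet and 50 guesses per second are the thread's working assumptions.

```python
import math

SECONDS_PER_YEAR = 365 * 24 * 3600  # 365-day year, as the thread's figures imply


def keyspace(alphabet: int, length: int) -> int:
    """Number of candidate passwords of exactly `length` symbols."""
    return alphabet ** length


def tries_for_probability(space: int, p: float = 0.5) -> float:
    """Random guesses needed for success probability p (the thread's model).

    Solves ((space - 1) / space) ** N = 1 - p for N. log1p keeps precision
    when 1/space is tiny.
    """
    return math.log(1 - p) / math.log1p(-1 / space)


def years(tries: float, rate_per_sec: float) -> float:
    """Wall-clock years to make `tries` guesses at a constant rate."""
    return tries / rate_per_sec / SECONDS_PER_YEAR


def chunked_keyspace(alphabet: int, length: int, chunk: int = 7) -> int:
    """Work to exhaust a password whose chunks are hashed independently.

    Each chunk is searched on its own, so the costs add instead of multiply.
    """
    full, rest = divmod(length, chunk)
    return full * alphabet ** chunk + (alphabet ** rest if rest else 0)


if __name__ == "__main__":
    rate = 50  # guesses per second, the thread's working figure
    cases = {
        "10 chars, mixed case": keyspace(52, 10),
        "10 chars, lowercase": keyspace(26, 10),
        "10 chars, single case, 7-char chunks": chunked_keyspace(26, 10),
    }
    for label, space in cases.items():
        n = tries_for_probability(space)
        print(f"{label:38} space={space:.3e}  50% after {years(n, rate):,.1f} years")
```

The chunked case is why a stored LM hash changes the picture: the search cost is the sum of two small keyspaces rather than their product, before rainbow tables are even considered.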