1 00:00:00,660 --> 00:00:05,230 In this lesson, we will see how we can extract the exact password.
2 00:00:05,670 --> 00:00:08,370 OK, of a Windows user, right.
3 00:00:08,520 --> 00:00:15,060 In the previous videos, we have seen how we can reset the password for users, either for standard
4 00:00:15,060 --> 00:00:16,850 user or for an administrator user.
5 00:00:17,130 --> 00:00:20,160 But now we are not going to reset the password.
6 00:00:20,190 --> 00:00:23,880 Instead, we are going to extract the exact password.
7 00:00:23,950 --> 00:00:26,550 OK, we will extract the original password.
8 00:00:27,120 --> 00:00:29,840 OK, so let's see how to do this. For this,
9 00:00:29,850 --> 00:00:31,860 we are going to use three different tools.
10 00:00:31,890 --> 00:00:33,670 First one is PwDump7.
11 00:00:34,110 --> 00:00:40,080 OK, so we are actually going to be dumping and breaking the password hashes.
12 00:00:40,270 --> 00:00:40,620 Right.
13 00:00:41,040 --> 00:00:45,450 So there is a database, SAM database in your system, OK?
14 00:00:45,630 --> 00:00:47,520 It stands for security access.
15 00:00:48,630 --> 00:00:50,480 So any security account manager.
16 00:00:50,820 --> 00:00:51,140 Right.
17 00:00:51,630 --> 00:00:57,600 So SAM database is present in your Windows operating system, which contains your user account details
18 00:00:57,600 --> 00:01:00,570 and password descriptors like security descriptors.
19 00:01:00,870 --> 00:01:08,770 So it will contain your password in hashes, either LM hashes or NTLM hashes.
20 00:01:09,450 --> 00:01:16,730 OK, then we will use a tool called Winrtgen, that is, Windows Rainbow Table Generator.
21 00:01:17,250 --> 00:01:17,530 Right.
22 00:01:17,880 --> 00:01:25,560 So it is going to generate a table based on our specifications and it will create a password list.
23 00:01:25,840 --> 00:01:26,180 Right.
24 00:01:26,940 --> 00:01:37,170 Then we will use the RainbowCrack tool, OK, in order to extract the original password in plain text format
25 00:01:37,170 --> 00:01:39,180 from the hashes that we have done.
26 00:01:39,930 --> 00:01:40,240 Right.
27 00:01:40,440 --> 00:01:41,920 So let's see how to do this.
28 00:01:42,450 --> 00:01:47,470 First of all, let's open command prompt and run as administrator.
29 00:01:48,780 --> 00:01:49,230 Yes.
30 00:01:50,760 --> 00:02:00,260 Now let's go to the drive and let's go to the PwDump7, OK, to download PwDump7.
31 00:02:00,270 --> 00:02:04,110 Simply go to Google and type download PwDump7, OK.
32 00:02:04,650 --> 00:02:07,590 And if you don't find it over the Internet, then ask me.
33 00:02:07,590 --> 00:02:09,190 I will share a link with you.
34 00:02:10,140 --> 00:02:13,420 Now let's run the executable file.
35 00:02:14,980 --> 00:02:20,860 OK, see, this is the attorney.
36 00:02:21,870 --> 00:02:28,260 So when you go to the Internet to download PwDump7, just verify whether you are visiting the
37 00:02:28,840 --> 00:02:30,780 ordinary website or not.
38 00:02:30,960 --> 00:02:36,860 Right now it says, yes, here is the password.
39 00:02:37,560 --> 00:02:42,050 OK, for one of the users on my main machine.
40 00:02:42,810 --> 00:02:43,030 Right.
41 00:02:43,290 --> 00:02:49,020 So let's save these passwords in a file called hashes.txt.
42 00:02:49,680 --> 00:02:49,970 Right.
43 00:02:50,310 --> 00:02:58,110 And let's assign location, which is C colon backslash PwDump7 backslash.
44 00:02:58,110 --> 00:02:58,530 And then.
45 00:03:03,090 --> 00:03:05,880 hashes.txt her data.
46 00:03:07,860 --> 00:03:08,170 Done.
47 00:03:09,330 --> 00:03:13,530 Now let's go to our Windows
48 00:03:13,630 --> 00:03:15,080 Rainbow Table Generator.
49 00:03:15,750 --> 00:03:20,390 So C drive and then Winrtgen.
50 00:03:20,480 --> 00:03:21,030 Here it is.
51 00:03:22,980 --> 00:03:32,250 OK, so let's run this application and now let's create a password table, go to a table, select the
52 00:03:32,250 --> 00:03:32,920 hash form.
53 00:03:33,570 --> 00:03:34,230 So let's it.
54 00:03:34,230 --> 00:03:37,230 And then select the minimum length.
55 00:03:37,260 --> 00:03:38,280 OK, to.
56 00:03:41,990 --> 00:03:50,690 Maximum length, let's say, for now, it's asking for the total count of, total chain count, so let's
57 00:03:50,690 --> 00:03:55,100 say forty thousand or foreleg is sufficient.
58 00:03:55,250 --> 00:04:01,850 OK, see, the more the chain count, the more are the possibilities that we are going to get the exact
59 00:04:01,880 --> 00:04:09,680 password in Benedicte it. Right. Now here you can select charset. So it says alpha, which
60 00:04:09,680 --> 00:04:12,350 means all four words in the letters.
61 00:04:12,900 --> 00:04:16,690 OK, or you can go for a lower alphabet.
62 00:04:16,780 --> 00:04:20,000 That means all alphabets in lowercase.
63 00:04:20,720 --> 00:04:23,750 But we will go with the numeric.
64 00:04:24,440 --> 00:04:31,280 OK, as it is a demonstration, then I know my password, so I will go with numeric one.
65 00:04:31,560 --> 00:04:33,760 OK, just click on OK.
66 00:04:35,480 --> 00:04:38,920 Right, and then again click on OK.
67 00:04:39,920 --> 00:04:46,460 OK, so see, it has started this process, but it is going to take some time.
68 00:04:46,790 --> 00:04:49,070 So let me pause this video then let.
69 00:04:52,330 --> 00:04:54,890 Finally, we have a generator doing what they want.
70 00:04:55,450 --> 00:05:03,650 OK, now I have used a tool called Windows Rainbow Table Generator, but you can also use command prompt,
71 00:05:04,060 --> 00:05:06,450 OK, to generate a rainbow table.
72 00:05:06,610 --> 00:05:09,270 OK, so let's see how to do it.
73 00:05:11,410 --> 00:05:14,200 See, rtgen is the command for this.
74 00:05:14,260 --> 00:05:24,510 OK, so rtgen, then define your hash type, whether it is LM or NTLM or MD5 etc.
75 00:05:24,520 --> 00:05:27,680 OK, then define what kind of range.
76 00:05:27,730 --> 00:05:32,160 Whatever you want to generate, like numeric, alphanumeric etc.
77 00:05:32,650 --> 00:05:37,530 OK, then this is the minimum number of length, OK.
78 00:05:37,540 --> 00:05:41,460 And this defines the maximum number of length of the password.
79 00:05:42,550 --> 00:05:42,900 Right.
80 00:05:45,520 --> 00:05:47,130 Then keep it zero.
81 00:05:47,590 --> 00:05:51,580 And this is the number of passwords you want to generate in total.
82 00:05:51,790 --> 00:05:58,350 OK, so let's say you want to generate the total number of passwords to ninety thousand.
83 00:05:58,450 --> 00:06:01,510 OK, so let's change it to ninety thousand.
84 00:06:04,240 --> 00:06:09,880 OK, and then define numbers like zero, one, two, three, four, five, six, seven, eight, nine,
85 00:06:10,270 --> 00:06:10,600 10.
86 00:06:11,890 --> 00:06:15,660 OK, and then leave the last option to zero.
87 00:06:16,030 --> 00:06:25,810 This way you will be able to generate a table with 90000 passwords, which are the combination of these
88 00:06:25,810 --> 00:06:29,920 numbers. Right. Now,
89 00:06:30,310 --> 00:06:34,210 after generating a table, it is important to sort that table.
90 00:06:34,600 --> 00:06:44,860 So to sort the table we will use the command rtsort, or rainbow table sort, and then the name of the file.
91 00:06:46,570 --> 00:06:48,220 OK, let's close this.
92 00:06:52,160 --> 00:06:56,870 Now, let's open RainbowCrack. So here it is.
93 00:06:57,080 --> 00:06:58,520 Let's run the application.
94 00:06:59,950 --> 00:07:10,570 So this is the RainbowCrack tool, which helps us to extract a password from hashes in plain text.
95 00:07:11,120 --> 00:07:13,250 OK, so let's see how to do this.
96 00:07:14,480 --> 00:07:18,200 First of all, let's add a hash, OK?
97 00:07:18,440 --> 00:07:22,580 And now let's open our hash file, which is in the PwDump7.
98 00:07:23,180 --> 00:07:24,990 So this is PwDump7.
99 00:07:25,820 --> 00:07:30,640 Let's open hashes file right now.
100 00:07:33,310 --> 00:07:34,570 Let's copy this one.
101 00:07:34,900 --> 00:07:36,910 OK, let's copy this hash.
102 00:07:39,200 --> 00:07:45,770 Because the rest of the users, like Richard Guest, has no password, right, but then the user has
103 00:07:45,770 --> 00:07:46,410 a password.
104 00:07:47,150 --> 00:07:48,800 That's why I picked up this hash.
105 00:07:50,430 --> 00:07:59,960 OK, now paste here, click OK, now go to Rainbow Table, Search Rainbow Tables.
106 00:08:00,590 --> 00:08:09,530 So let's say I want to open them this way, OK, because it's a short file, right.
107 00:08:11,600 --> 00:08:20,090 If we go for this long file, which I have generated some time ago, then it is going to take around
108 00:08:20,180 --> 00:08:23,300 15 to 20 minutes or more just to scan this file.
109 00:08:23,660 --> 00:08:24,050 Right.
110 00:08:24,440 --> 00:08:30,230 But my aim is to show you a demo of how actually the RainbowCrack tool works.
111 00:08:30,680 --> 00:08:31,050 Right.
112 00:08:31,430 --> 00:08:33,070 So let's open this file.
113 00:08:34,700 --> 00:08:39,460 See, it has detected our password and password is one, two, three.
114 00:08:40,490 --> 00:08:46,370 Right now, I have not changed passwords for this demonstration purpose, but I am actually using this
115 00:08:46,370 --> 00:08:49,670 simple password for the last six months.
116 00:08:50,090 --> 00:08:53,710 OK, now let's verify whether this password works or not.
117 00:08:53,870 --> 00:08:55,150 So let's log.
118 00:08:55,550 --> 00:08:58,120 OK, and type one, two, three.
119 00:08:58,400 --> 00:08:59,900 OK, see.
120 00:08:59,900 --> 00:09:00,530 One, two, three.
121 00:09:02,380 --> 00:09:10,760 OK, so this way you can extract the exact password or the original password in plain text from hashes.
122 00:09:11,210 --> 00:09:20,690 So PwDump7 tool for dumping hashes, and then Winrtgen helps you to generate
123 00:09:20,900 --> 00:09:28,000 rainbow tables, and then RainbowCrack helps you to extract plaintext passwords from the generated table.
124 00:09:28,580 --> 00:09:28,900 Right.
125 00:09:29,240 --> 00:09:36,320 So I hope now you know how to use PwDump7, Winrtgen and RainbowCrack.