1
00:00:00,510 --> 00:00:05,190
In this lecture, we are going to see how we can crack Windows passwords with John.

2
00:00:06,850 --> 00:00:12,520
John the Ripper is one of the most popular password cracking tools available in most penetration testing

3
00:00:12,820 --> 00:00:13,780
distributions,

4
00:00:14,080 --> 00:00:16,780
like Kali Linux and Parrot Security.

5
00:00:17,410 --> 00:00:23,710
It has a user-friendly command line interface and has the ability to crack most password types.

6
00:00:24,800 --> 00:00:30,140
In this lesson, we are going to see how we can use John to crack Windows passwords.

7
00:00:32,780 --> 00:00:38,450
This tool is useful in a scenario where you have physical access to a system that is password locked.

8
00:00:38,930 --> 00:00:41,870
It can be used to quickly crack the password.

9
00:00:42,410 --> 00:00:48,380
Remember, we are actually cracking the password and not bypassing it, and it may take some time.

10
00:00:50,260 --> 00:00:52,300
The attack will work in two steps.

11
00:00:52,540 --> 00:00:57,850
In step one, we are going to get the hashes from the SAM file, and then we are going to crack the hashes

12
00:00:57,850 --> 00:00:58,480
with John.

13
00:01:01,410 --> 00:01:04,349
For this attack, we need to have a live boot USB.

14
00:01:04,620 --> 00:01:11,340
You can check the lecture "Kali Linux as a bootable USB drive" to learn how to make a bootable USB.

15
00:01:13,730 --> 00:01:19,310
Take the Kali Linux live USB drive, plug the USB into the target PC and boot from it.

16
00:01:22,690 --> 00:01:28,960
Now navigate to the Windows\System32\config folder and copy the SAM and SYSTEM files to the desktop.

17
00:01:32,140 --> 00:01:36,760
Now open the terminal on the desktop and dump the hashes with the given command.

18
00:01:37,240 --> 00:01:43,540
samdump2 is the tool we are using; hashes.txt will contain all the hashes that we are aiming to collect.

19
00:01:45,210 --> 00:01:46,680
Once we have the hashes,

20
00:01:46,770 --> 00:01:50,130
to crack the passwords using John's default dictionary file,

21
00:01:50,520 --> 00:01:52,740
you can use the command as shown on the screen.

22
00:01:55,320 --> 00:01:58,740
If your password is complex, you can try the rockyou dictionary.

23
00:01:59,280 --> 00:02:01,680
But first we need to uncompress the file.

24
00:02:01,860 --> 00:02:05,790
So use the unzip command as shown on the screen to uncompress the file.

25
00:02:08,580 --> 00:02:12,900
So to use John with the rockyou dictionary, use the command as shown on the screen.

26
00:02:13,380 --> 00:02:18,660
Here rockyou is the dictionary and hashes.txt is the hash file that we are aiming to crack.

27
00:02:22,200 --> 00:02:25,080
And once the password is cracked, it will be displayed on screen.

28
00:02:26,480 --> 00:02:29,450
If you want to try some other dictionaries against the passwords,

29
00:02:29,450 --> 00:02:32,330
I have already provided the link in the presentation.

30
00:02:35,490 --> 00:02:35,790
Now,

31
00:02:35,790 --> 00:02:37,200
let's see the demonstration.

32
00:02:39,590 --> 00:02:44,540
First of all, plug in your Kali live USB in your target PC and boot from it.

33
00:02:52,250 --> 00:02:53,960
Wait for the live system to boot.

34
00:02:59,970 --> 00:03:05,040
Double-click on the Windows volume, then navigate to Windows,

35
00:03:07,220 --> 00:03:08,390
System32,

36
00:03:15,370 --> 00:03:16,480
config folder,

37
00:03:17,810 --> 00:03:20,540
and copy the SAM and SYSTEM files to the desktop.

38
00:03:28,820 --> 00:03:30,260
Right-click on the desktop

39
00:03:32,060 --> 00:03:34,370
and choose the option to open a terminal here.

40
00:03:38,530 --> 00:03:42,040
Then use the samdump2 command to dump the hashes.

41
00:03:51,700 --> 00:03:56,020
You can open your text file and see that our hashes are available.

42
00:04:00,160 --> 00:04:07,840
Now crack these passwords with John using the default wordlist only: use the john command with the -w flag.

43
00:04:14,650 --> 00:04:17,680
Once the password is cracked, it will be displayed on screen.

44
00:04:18,480 --> 00:04:25,360
Now, if you want to crack the password with the rockyou dictionary that comes prebuilt in Kali Linux, we need

45
00:04:25,360 --> 00:04:26,800
to first uncompress it.

46
00:04:27,100 --> 00:04:30,820
First of all, look at where this dictionary is located with the locate command.

47
00:04:32,380 --> 00:04:35,020
Then use the gunzip command to uncompress it.

48
00:04:44,830 --> 00:04:50,290
Now to use the dictionary, use john with the -w flag and give the full path of the rockyou dictionary.

49
00:04:58,970 --> 00:05:00,290
And execute the command.

50
00:05:01,040 --> 00:05:04,190
Once the password is cracked, it will be displayed on screen.

51
00:05:06,890 --> 00:05:10,100
I hope you liked this lecture, and see you in the next lecture.