Start to finish: Cracking a Windows Server 2012 R2 Administrator account (Part 2 of 2)

In the previous guide I showed you how to steal password hashes from a Windows Server 2012 appliance.

We saved the hash to a USB drive and are now sitting at our Kali Linux laptop back home in our basement.

Let the cracking begin with John.

John the Ripper (sometimes called JTR or John) is a no-frills password cracker that gets the job done.

The main thing to keep in mind with John the Ripper is that it is slow but sure.

In other words, it could take days, weeks or even months to crack a password with John the Ripper. But with a large enough password list you’ll probably eventually get in. Password cracking is a CPU-intensive process, so the beefier your CPU, the quicker you’ll score your gold.

So let’s take a look at the hash we snagged from the Windows Server 2012 blade server.

[Screenshot: SAM hash]

We’ve absconded back to our basement and we’re about to fire up John.

john hash.txt --format=nt2

What’s the NT2 thing about?

SAM hashes contain LAN Manager (“lm”) and NTLMv2 (NT2) hashes. We need to force John to use NT2 so we can get started.

[Screenshot: Kali John Cracked]

Guess what happened when I typed that?

After a total of 1 guess, which took 0:00:00:00 seconds, John the Ripper discovered my password:

Dragon1

It was so fast that I almost peed in my pants.  I couldn’t believe it.

Do you see that little value that says c/s: 593400 in the screenshot above? It stands for cypher computations per second.  In other words, John the Ripper was computing 593,400 password hashes per second!  Amazing.

You can also view the password by using more on ~/.john/john.pot.

more ~/.john/john.pot

[Screenshot: John.pot]

One thing to keep in mind is that John won’t display progress until you either hit the enter key or it finishes.  So if you run john and nothing happens try pressing enter to see what’s up.

You can get the full details on how this remarkable tool works on the OpenWall website.

The Bottom Line

Use strong passwords.

That’s the bottom line.  Don’t use stupid passwords like Dragon1 or like any of the passwords on this list.
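Dragon1 has an uppercase letter, lowercase letters and a digit, so a rule that only counts character classes would accept it. The sketch below is an added example, not code from the original post: it screens passwords against a deny-list after undoing common decorations. The word list, the substitution table, the seven-character minimum and the three-of-four class rule are all constructed assumptions for illustration.

```python
import re

# Constructed sample deny-list (assumption); production screening would load
# a large breached-password corpus instead.
COMMON_WORDS = {"dragon", "password", "letmein", "welcome", "qwerty", "admin"}

# Hypothetical table of common character substitutions to undo before lookup.
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a",
                      "5": "s", "7": "t", "@": "a", "$": "s"})

# Leading/trailing runs of digits and symbols ("Dragon1", "!dragon2024").
DECORATION = re.compile(r"^[\W\d_]+|[\W\d_]+$")


def meets_complexity(pw, min_len=7):
    """Assumed rule: minimum length plus three of four character classes."""
    classes = (
        any(c.isupper() for c in pw),
        any(c.islower() for c in pw),
        any(c.isdigit() for c in pw),
        any(not c.isalnum() for c in pw),
    )
    return len(pw) >= min_len and sum(classes) >= 3


def is_guessable(pw):
    """True if the password reduces to a deny-listed word."""
    lowered = pw.lower()
    stripped = DECORATION.sub("", lowered)
    candidates = {lowered, stripped, stripped.translate(LEET)}
    return bool(candidates & COMMON_WORDS)


def evaluate(pw):
    """Return (passes_complexity_rule, is_guessable) for one password."""
    return meets_complexity(pw), is_guessable(pw)


if __name__ == "__main__":
    for pw in ("Dragon1", "P@ssw0rd!", "correct-horse-battery-staple",
               "Vq7#tLm2xW9p"):
        ok, weak = evaluate(pw)
        print(f"{pw!r}: complexity={'pass' if ok else 'fail'}, "
              f"deny-listed={'yes' if weak else 'no'}")
```

The two checks are independent: Dragon1 passes the class rule and is still rejected by the deny-list, while a long lowercase passphrase fails the class rule without being on any list.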

Now you can tell your self-aggrandizing friend his server password, watch his eyes dilate to the size of grapefruits, watch the color drain from his face and watch him handwrite your check for $500,000.

Success is sweet, isn’t it?

About

Connect with Vonnie on Twitter
