
Start to finish: Cracking a Windows Server 2012 R2 Administrator account (Part 2 of 2) - fixedByVonnie


In the previous guide I showed you how to steal password hashes from a Windows Server 2012 appliance.

We saved the hash to a USB drive and are now sitting at our Kali Linux laptop back home in our basement.

Let the cracking begin with John.

John the Ripper (sometimes called JTR or John) is a no-frills password cracker that gets the job done.

The main thing to keep in mind with John the Ripper is that it is slow but sure.

In other words, it could take days, weeks or even months to crack a password with John the Ripper.  But with a large enough password list you’ll probably eventually get in.  Password cracking is a CPU-intensive process, so the beefier your CPU, the quicker you’ll score your gold.

So let’s take a look at the hash we snagged from the Windows Server 2012 blade server.

[Screenshot: SAM hash]

We’ve absconded back to our basement and we’re about to fire up John.

john hash.txt --format=nt2

What’s the NT2 thing about?

SAM hashes contain LAN Manager (“lm”) and NTLMv2 (NT2) hashes.  We need to force John to use NT2 so we can get started.

[Screenshot: Kali John Cracked]

Guess what happened when I typed that?

After a total of 1 guess, which took 0:00:00:00 seconds, John the Ripper discovered my password:


It was so fast that I almost peed in my pants.  I couldn’t believe it.

Do you see that little value that says c/s: 593400 in the screenshot above? It stands for cypher computations per second.  In other words, John the Ripper was computing 593,400 password hashes per second!  Amazing.

You can also view the password by using more on ~/.john/john.pot.

more ~/.john/john.pot


One thing to keep in mind is that John won’t display progress until you either hit the enter key or it finishes.  So if you run john and nothing happens try pressing enter to see what’s up.

You can get the full details on how this remarkable tool works on the OpenWall website.

The Bottom Line

Use strong passwords.

That’s the bottom line.  Don’t use stupid passwords like Dragon1 or like any of the passwords on this list.

Now you can tell your self-aggrandizing friend his server password, watch his eyes dilate to the size of grapefruits, watch the color drain from his face and watch him handwrite your check for $500,000.

Success is sweet, isn’t it?
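
One way to enforce the bottom line when a password is set, as an added example that is not part of the original post: it rejects a candidate when it is a common word with only trivial mangling, the kind of password (like Dragon1) that a wordlist finds quickly. The deny-list entries, the minimum length and the function names are assumptions made for illustration.

```python
import re

# Constructed sample deny-list. A real deployment would load a large list of
# common or leaked passwords instead (assumption: lowercase entries).
COMMON_WORDS = {"dragon", "password", "letmein", "monkey", "qwerty", "welcome"}

# Reverse the character swaps people use to "strengthen" a dictionary word.
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s",
                      "7": "t", "@": "a", "$": "s", "!": "i"})

MIN_LENGTH = 12  # assumed policy value, not taken from the article


def base_forms(password):
    """Reduce a password to the root words it may have been built from."""
    lowered = password.lower()
    # Drop leading/trailing digits and punctuation: "Dragon1" -> "dragon".
    stripped = re.sub(r"^[\d\W_]+|[\d\W_]+$", "", lowered)
    forms = {lowered, stripped}
    # Undo leet substitutions after stripping: "dr@g0n" -> "dragon".
    forms |= {f.translate(LEET) for f in forms}
    # Also consider each form written backwards: "nogard" -> "dragon".
    forms |= {f[::-1] for f in forms}
    return forms


def screen(password):
    """Return the reasons a password is rejected; an empty list means accepted."""
    reasons = []
    if len(password) < MIN_LENGTH:
        reasons.append("too short")
    if base_forms(password) & COMMON_WORDS:
        reasons.append("common word with trivial mangling")
    return reasons


if __name__ == "__main__":
    # Constructed sample inputs.
    for candidate in ["Dragon1", "Dr@g0n123!!!!", "correct horse battery staple"]:
        print(candidate, "->", screen(candidate) or "accepted")
```

Length alone does not save a password here: `Dr@g0n123!!!!` passes the length check and is still rejected because it reduces to a deny-listed word.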

