How to hack a password-protected Windows account: a dictionary attack for guessing the password of a Windows account
If I say that everyone wants to hack, I won't be lying. A lot of computer and cellphone users want to hack because it's fun, and somehow you get fame through it. Most of the giant companies like Google, Yahoo, Facebook etc. have recently started bug bounty programs in which they pay you for identifying security loopholes, so in short you can earn from it too, a lot. Usually hackers exploit a certain condition of the system; it can be as simple as a single arithmetic operation (a plain addition) or as complex as writing a piece of code to break into a system. Of course it is far harder to breach the security of Facebook than that of your home desktop PC.
Today I am going to show you how you can get the password of a protected Windows account by performing a dictionary attack.
Let's say you have an elder brother and both of you share the same computer, which runs Windows 7. There are two user accounts, one yours and one your big brother's. The problem is that your brother's account type is 'administrator', meaning he has more rights than you and you need his permission for various tasks, e.g. installing software or deleting stuff. But nobody wants to be controlled, do they? Everyone needs freedom. So your goal is to somehow change your account type to administrator, or at least get that admin account's password.
Almost all digital devices have a security feature called access control. In Windows, access control takes the form of a username plus a password, and a legitimate user is only allowed into his own account. The problem is not with the access control itself but with us, Homo sapiens: we don't choose strong random passwords. Most of us use very simple ones like '123456789', 'pakistan', 'pak12345', 'admin' or '007'. The idea behind a dictionary attack is that the attacker has a dictionary (a word list) containing many candidate passwords and tries each one until one matches. Windows does not store the password itself but a hash of it, so the attack hashes every candidate the same way Windows does and compares the result with the stored hash. Unlike a brute-force attack, which will eventually try every possible string, a dictionary attack only succeeds if the real password happens to be in the list, so it does not have a 100% success rate. The bigger the dictionary, i.e. the more words and phrases it contains, the better your chances of guessing the password.
Platform: Windows 7 (have tested on WinXP and Win8 too)
Software: Cain & Abel
You need to have access to the victim's computer and install this software there (required one time only). Note that installing it, and dumping the stored hashes later on, needs administrative rights on that machine.
1. Go to the following website and download the software 'Cain & Abel' [website: http://www.oxid.it/cain.html].
10. So it has fetched all the accounts and their corresponding *encrypted passwords (NT hash). But the problem is that we need the plain password, not the encrypted one, which is of no use on its own. Right now the Administrator and Guest accounts have no password, which is why the NT Password column shows *blank* for them. My goal here is to get the password of the user named Acer.
12. Now it's time to load the dictionary. I am using a very, very simple dictionary just for demonstration purposes; it doesn't have many keywords. I recommend using some other dictionary, or you can simply add keywords yourself to make it better, but that would be cumbersome. Left-click on the File column and a list will show up; click Add to list and specify the path of the dictionary. [dictionary I used: https://docs.google.com/file/d/0BzXG746ounrhUlhnNnVjLUo5emM/edit?usp=sharing]
That was all, guys; I hope this tutorial helps you. Feel free to ask anything.
1. A dictionary attack does not have a 100% success rate.
2. The bigger the dictionary, the better your chances.
3. The bigger the dictionary, the more time the attack takes.
* To all the geeks: yes, I know it is not an encrypted password but a hash (the NT hash, an unsalted MD4 of the password, which is exactly why it can be attacked offline with a word list). To keep things simple I have called it encrypted.