Cracking Cached Passwords with Cachedump and John the Ripper (JTR)

So if you are looking to audit password strength in a Windows Domain environment, there are two tools that will be of help to you. FGDump is a compilation of PWDump and Cachedump. It also has some useful switches; documentation for those can be found here. PWDump will pull hashes for local accounts such as Administrator. Cachedump, however, will pull the cached hashes of network users who have logged into the machine.

Here is how to grab the hashes.

1. Download FGDump from here and place the executable on a flash drive (if you have a U3 device, I will soon be posting how to run fgdump without any user interaction).
2. Plug the flash drive into the target computer and open up a command prompt.
3. Navigate to your flash drive and execute fgdump.exe.
4. Wait for it to finish and, once it is successful, open up the 127.0.0.1.cachedump file in Notepad to see the hashes.
5. Copy the hashes to a file and save in this format: filename.txt.
Next download John:

wget http://openwall.com/john/f/john-1.7.2.tar.gz
tar xzf john-1.7.2.tar.gz


Now we are going to have to patch it to let it recognize the cachedump format:

wget http://openwall.com/john/contrib/john-1.7.2-mscash-alainesp-4.1.diff.gz
cd john-1.7.2
zcat ../john-1.7.2-mscash-alainesp-4.1.diff.gz | patch -p1 -Z


If you do not have the zcat command, then patch it with gzip:

gzip -dc ../john-1.7.2-mscash-alainesp-4.1.diff.gz | patch -p1

Then build it:

cd src
make
make clean SYSTEM
(replace SYSTEM with whichever system type you have, as displayed by make)

Once successful:

cd ../run
./john --test


Now let's crack the cached file:

./john -format:mscash hashes.txt


or

./john -w:passwordlist.txt -format:mscash hashes.txt

Give me some feedback if this helped you.
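
For the audit write-up, the results can be summarised without copying the recovered passwords into the report. The script below is an added example, not part of the original post or of John itself; it assumes hashes.txt was saved as two-field "user:hash" lines, and MIN_LEN, the function names and the sample accounts are made up for illustration.

```shell
#!/bin/sh
# Added example: summarise `john --show` output for an audit report
# without writing the recovered passwords into it.
# Assumption: hashes.txt holds "user:hash" lines, so every --show line
# is "user:password" and the password is everything after the first ':'.

MIN_LEN=12   # hypothetical policy minimum, chosen for this example

summarise_show() {
    # Reads `john --show` output on stdin. Prints one line per cracked
    # account (name, password length, verdict) and a final count.
    awk -v min="$MIN_LEN" '
        index($0, ":") == 0 { next }   # blank line and the "N ... cracked" line
        {
            i = index($0, ":")
            user = substr($0, 1, i - 1)
            len = length($0) - i       # length only, never the password
            verdict = (len < min + 0) ? "below-minimum" : "length-ok"
            printf "%s len=%d %s\n", user, len, verdict
            n++
        }
        END { printf "cracked_accounts=%d\n", n + 0 }
    '
}

# Constructed sample of --show output (not real accounts or passwords).
# The third password contains colons to exercise the first-colon split.
sample_show_output() {
    cat <<'EOF'
jsmith:Summer2008
svc_backup:backup
mlee:correct:horse:battery

3 password hashes cracked, 1 left
EOF
}

# Real use: ./john --show -format:mscash hashes.txt | summarise_show
sample_show_output | summarise_show
```

An account marked length-ok was still cracked, so it points at a guessable password rather than a short one.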

Convert OGV to AVI (gtk-recordMyDesktop)

For a while I have been looking for a good way to make some video tutorials in Linux and be able to upload them in good quality to a video hosting site. I finally found a good piece of software that would let me choose where I wanted to record, gtk-recordMyDesktop. This can be obtained by typing sudo apt-get install gtk-recordmydesktop or through the Add/Remove Programs feature. The output of the recorded file is in a .ogv format. I want to convert it to a .avi format so I can upload it. Here is the command to do so:

mencoder -idx input.ogv -ovc lavc -oac mp3lame -o output.avi


There is another way to do this through ffmpeg with this command:

ffmpeg -i input.ogv output.avi

Either one works, but to keep things easy, I made a script to assist with the conversion:

#!/bin/bash
# Convert a gtk-recordMyDesktop .ogv recording to .avi with mencoder.
echo "Convert from .OGV to .AVI"
NAME=$(whoami)
read -r -p "Is the file on your Desktop? (y/n):" DESKTOP
if [ "$DESKTOP" = "y" ]; then
    read -r -p "Please specify the name of the .OGV file: /home/$NAME/Desktop/" OGV
    read -r -p "Please specify the desired output filename: /home/$NAME/Desktop/" AVI
    # Quote the paths so file names containing spaces stay one argument.
    mencoder -idx "/home/$NAME/Desktop/$OGV" -ovc lavc -oac mp3lame -o "/home/$NAME/Desktop/$AVI"
    echo "Conversion completed."
else
    read -r -p "Please specify the location of the .OGV file: " OGV
    read -r -p "Please specify the desired output filename: " AVI2
    mencoder -idx "$OGV" -ovc lavc -oac mp3lame -o "$AVI2"
    echo "Conversion completed."
fi
read -r -p "Would you like to play the converted movie? (y/n):" PLAY

if [ "$PLAY" = "y" ]; then
    # Play the file from whichever location was used above.
    if [ "$DESKTOP" = "y" ]; then
        totem "/home/$NAME/Desktop/$AVI"
    else
        totem "$AVI2"
    fi
    # Clear first so the final message stays on screen.
    clear
    echo "Process Completed Successfully!"
else
    clear
    echo "Process Completed Successfully!"
    sleep 2
fi
exit

Just make sure to issue chmod 755 ogvtoavi before running it.

So now you can expect some videos in the upcoming days...

Installing BT3 on SD Card for Asus EEE PC

After recently buying an EEE PC online, the first thing I wanted to do was load BackTrack on it. I didn't want to load it on the hard drive as the Ubuntu netbook remix looked pretty cool and I thought I would have that as a backup. I went out and bought a 4Gb SDHC card and loaded BT3 on it with changes. It acts as a USB device, but it's not as pesky as a USB dongle. I read around and found you can't natively boot to BackTrack. So I had to modify my bootable flash drive to include a module special to the EEE PC. This will fix the resolution and allow you to start the X server. Here's what I did to get it working.

1. Inserted the SD card and made a bootable USB BT drive (follow my tutorial if you don't have one already). However, I added the 901_net_gfx (my EEE is the 901) module to the /BT3/optional folder, and it can be downloaded here. Once that was added, you must modify the syslinux.cfg (/boot/syslinux/syslinux.cfg) file to include this under the APPEND section: load=901_net_gfx. That's it, now boot your USB drive and select the option you added the 901_net_gfx tag to.
2. Once booted, issue a fdisk -l and find your SD card.
3. You can either use fdisk to format it or use gparted. For gparted, open up a terminal and type in gparted. Modify your SD card to have one 1024Mb partition formatted in FAT32 and the rest of the card to be formatted in ext2.
4. Commit the changes and then copy the boot and BT3 folders from your flash drive's FAT32 partition to your SD card's partition: cp -R /mnt/sda1/{boot,BT3} /mnt/sdb1/ (this can be done through the GUI using Konqueror)
5. Now make the changes directory in the ext2 partition: mkdir /mnt/sdb2/changes
6. Once that is complete, reboot the machine and remove your USB drive. Then press ESC during power-on to get a boot menu and select your SD card.

Hope this helps. Let me know if you run into any problems.

Make Bootable BT3 USB Drive With Changes and Storage Folder

Ok, so lately I have really been wanting to keep my portable drive that I take from computer to computer and also have a bootable BT3 drive with changes. Here are the steps I took to make it happen.

You are going to need:
1. A USB drive of at least 2Gb
2. A copy of the USB BT3 iso, found here.
3. A machine (virtual or real) running Windows.
4. A BT Live CD or BT VM.

Ok here we go...
1. Boot into Windows and have your flash drive recognized.
2. I used Acronis Disk Director to partition the drive and made a minimum of 1.5Gb FAT32 partition labeled "BT3", however you can label it whatever you want. If you do not have Acronis Disk Director, then see the steps below...if you do, then move to step 3.
**EDIT** If you do not have a copy of Acronis Disk Director...then boot from the Live CD and use fdisk to partition. Use the following commands:
fdisk -l (find your USB drive)
fdisk /dev/sda
d (delete the partitions until the drive is blank)
1
n (create a new partition)
p
1
(enter)
+1.3G (the size you want for your install)
n
p
2
(enter)
(enter) (the size you want for your changes...this assumes the rest of the drive)
w
mkfs.vfat -F 32 /dev/sda1
mkfs.ext2 /dev/sda2
umount /dev/sda1
umount /dev/sda2

Now move to step 4
3. Then I partitioned the rest of the drive in ext2 format and labeled it changes.
4. Restart the computer for the changes to be applied (you may not have to do this depending on your partitioner) and boot back into Windows.
5. Extract all files found in the bt3final_usb.iso with WinRAR.
6. Take the extracted files and copy them to your USB drive (the only partition recognized in Windows)
7. Open up a command prompt and enter the following commands:
e: (or the drive letter of your USB drive)
cd boot
bootinst.bat
8. Once it completes, hit enter and restart into your BT Live CD or simply switch to your BT vm.
9. Navigate to your flash drive: cd /mnt/sda1 (replacing sda1 with your flash drive).
10. Enter the following commands:
mkdir X (you can name this what you want, this is for your personal data)
cd boot/syslinux (the boot folder on the flash drive, not the /boot of the running system)
chmod +Xx lilo
chmod +Xx syslinux
nano syslinux.cfg
Then find the label pchanges and, on its APPEND line, change changes=/changes/changes.dat to changes=/dev/sda2
mkdir /mnt/sdb2/changes
11. Now restart and boot to your flash drive and select the Persistent Changes option.

Let me know if you found a different way or if this doesn't work for you. I'm hoping to get a video up of this soon.

Eee Tutorials coming soon!