In this section, we will see how to get hashes with Cain and then how MD4 and Unicode work. Then, we'll discuss cracking hashes with Google and cracking hashes with wordlists.
Cain is a free hacking tool that can harvest Windows hashes from a running operating system. In order to test it, we'll make three accounts on Windows Server, the very latest version of the Windows operating system. You can use the user command at the Command Prompt to do this. You can add a user named John
with a password P@sw0rd
, a user named Paul
with a password, and a user named Ringo
with password P@sw0rd999
:
If you run Cain, it can harvest the hashes. The following screenshot shows the three users and their hashes:
The LM H
section is an obsolete system that is no longer used by any version of Windows, so it just contains a dummy value that has no information. The actual hash used by Windows when you log in is called the as
hNT Hash
. Notice that if two users have the...