Head-way on Project 3

234 views
Skip to first unread message

Michael Nelson

unread,
Oct 14, 2011, 1:49:17 AM10/14/11
to asu-cse-466-Fall-2007
I started by using the VMWare Windows XP image and VMWare player. I
was able to change the boot order to boot from the Ophcrack live cd
iso for XP. Once I got into Ophcrack however, I kept getting the
message "no partition containing hashes found". I tried using the
instructions at http://sourceforge.net/apps/mediawiki/ophcrack/index.php?title=Frequently_Asked_Questions
but I still couldn't even view an NTFS or FAT32 partition let alone
mount one.

I tried another approach with a copy of XP I got from MSDN Academic
Alliance and Oracle VirtualBox. I installed XP on VirtualBox and then
booted from the Ophcrack iso. It loaded right up and started cracking
away at the user passwords for all the partitions it could find. It
took less than three minutes to crack the password "test123". I can
use this now to proceed with the project but I was wondering if anyone
has any tips on how to get the VMWare player XP partition to be
recognized in Ophcrack.

Thanks for the help.

Mike Nelson

Partha Dasgupta

unread,
Oct 14, 2011, 2:11:13 AM10/14/11
to asu-cse-46...@googlegroups.com
From what I have heard, Ophcrack works on IDE drives but not on SCSI drives (contrary to the faq). So the Windows XP image needs to be configured for IDE drives.


--
You received this message because you are subscribed to the Google Groups "asu-cse-466-Fall-2007" group.
To post to this group, send email to asu-cse-46...@googlegroups.com.
To unsubscribe from this group, send email to asu-cse-466-fall...@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/asu-cse-466-fall-2007?hl=en.




--
Partha Dasgupta,
School of Computing Informatics, Arizona State University
EMail: par...@asu.edu
http://cactus.eas.asu.edu/partha

Michael Nelson

unread,
Oct 19, 2011, 10:52:03 PM10/19/11
to asu-cse-466-Fall-2007
I figured out how to convert the SCSI drive over to IDE...

1) In the directory where the virtual machine is stored, there is file
with the extension .vmx
2) Open this file with notepad and edit the following items:
a) scsi0:0.present = "TRUE"
change the TRUE to FALSE
b) add the lines toward the bottom: ide0:1.present = "TRUE"
ide0:1.fileName
= "Windows XP Professional.vmdk"
The filename for the IDE drive should be the same as the SCSI
drive. VMWare player only emulates
the SCSI and IDE devices and doesn't care that you're changing
the label.
3) (Optional) Add the line bios.bootDelay = "5000"
to increase the bios screen display time.

Also, I changed the virtual machine's RAM setting from 512MB to 1024MB
so I could use
“ophcrack graphic mode automatic.”

Now Ophcrack runs fine, but it returns "not found" for the password
for the test1 account. Does anyone
know what the password is?

Thanks for the help.

Michael Nelson

Michael Nelson

unread,
Oct 21, 2011, 3:11:21 PM10/21/11
to asu-cse-466-Fall-2007
Cracked the password...

While in Ophcrack the hashes are displayed for the test1 account. Copy
the LMhash into the password cracker on Ohpcrack's website to use the
XP special character tables.

http://www.objectif-securite.ch/en/products.php

The cracker is at the bottom of the page. Use the password it gives
you to login to the test1 account.

**keep in mind that the LMhash returns the password in all caps**

Have fun cracking!

Michael Nelson

Andrew DuPuis

unread,
Oct 23, 2011, 8:38:45 PM10/23/11
to asu-cse-466-Fall-2007
I ran ophcrack on Virtual box, and at first I had a problem in that VB
kept killing ophcrack (Like was described would happen if not using
low ram mode, even though I was) I was able to fix this simply by
going into system settings and increasing the base memory for the VM.
Maybe this will help someone.
Reply all
Reply to author
Forward
0 new messages