• Remotely Password Cracking NT Systems

    In this tutorial, you will learn how to crack an NT password remotely. This is for educational purposes only. If you use this information to penetrate a system you don't have access to, then you are breaking the law.

    So how will we be doing this? We will remotely crack the NT system through SMB, the Server Message Block protocol. The method I will show you attacks the well-known File and Printer Sharing service, which runs over SMB.

    In order to do this, we will use the net use command in the command prompt. With this command we can try to log into the system; if you have ever used telnet or ssh to log into a Linux box, think of it that way. When we use the net use command with a * (asterisk) in place of the password, it will prompt us for the password. If you type in the correct password, you will be logged in. Just remember that File and Printer Sharing must be turned on; if it is not, you will not be able to log in. So here is an example to show how this all works.

    c:\> net use \\192.168.1.125\IPC$ * /u:Administrator

    Let's say there is an account named skiddie. Then you can try this.

    c:\> net use \\192.168.1.125\IPC$ * /u:skiddie

    Now you should have a good idea what needs to be done. Finding all the users on the system is another tutorial and will not be covered here. Sometimes there are NULL passwords. What does this mean? It means there is no password at all: just hit enter and you are in. I know what you are thinking: I am not going to sit there and keep typing passwords. Those of you who know how to program will be thinking of writing a password cracker. I myself have done the same thing. Then one night of reading I learned a much easier way: use a list of passwords in a file. No need to code a password cracker in C; just use the for command. Before trying this method, you should understand how to use this command and what its options mean. Make sure you read how to use the for command. Every Windows hacker must read this. It has made things a lot easier for me.

    To understand the for command, type this in a command prompt.

    c:\> for /?

    We will use the for command to open a file and list all the words in it. First make a text file named words.txt; then place these words in that file.

    hacker
    cracker
    whitehat
    blackhat
    mircoshaft
    linux
    freebsd

    Now bring up the command prompt and go to the directory where the words.txt file is located. The for command will not work if you're not in the same directory as the words.txt file. Type this command and you will see all the words in the file.

    FOR /F "tokens=1" %i in (words.txt) do @echo %i

    That command will list all the words in the words.txt file in the command prompt window. If you have a dictionary file, then you can use it to crack an account on an NT system with File and Printer Sharing turned on. You will use this command against the NT system.

    FOR /F "tokens=1" %i in (words.txt) do net use \\192.168.1.125\IPC$ %i /u:Administrator

    Instead of using the echo command we use the net use command. You will notice that I used %i after IPC$ instead of an asterisk. Now the net use command will loop through all the words in your dictionary file and try each one as the password for the Administrator account.

    That is it for remotely password cracking an NT system. If you want to try this out, make sure File and Printer Sharing is turned on. Only try this on a system you have permission to test. This tutorial was written to help system administrators learn how someone could penetrate an NT system. It's also a good way to test whether users are using simple passwords.
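    From the system administrator's side, the loop above leaves a very recognisable trail: many network logon failures (logon type 3) from one source address against one account within a few seconds, which is what a Security log audit of failed logons records. The following Python script is an added example, not part of this tutorial, that scans such records and flags the burst. The record layout, the field names and every sample value are constructed for the example and are not real Windows log output; the threshold and window are assumed starting points.

```python
"""Flag dictionary-style logon bursts against SMB shares.

Added example, not part of the tutorial. The input is a constructed list of
audit-failure records shaped like the fields a Windows Security log exposes
for a failed network logon: timestamp, logon type, source IP, target account
and failure reason. The line format is an assumption made for this example.
"""

from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log. One host (192.168.1.50) runs a dictionary loop
# against Administrator over IPC$; a second host mistypes one password; a
# console (logon type 2) failure and a malformed line are present as noise.
SAMPLE_EVENTS = [
    "2003-05-12T21:00:00 logon_failure type=3 src=192.168.1.50 user=Administrator reason=bad_password",
    "2003-05-12T22:14:00 logon_failure type=3 src=192.168.1.50 user=Administrator reason=bad_password",
    "2003-05-12T22:14:01 logon_failure type=3 src=192.168.1.50 user=Administrator reason=bad_password",
    "2003-05-12T22:14:01 logon_failure type=3 src=192.168.1.50 user=Administrator reason=bad_password",
    "2003-05-12T22:14:02 logon_failure type=3 src=192.168.1.50 user=Administrator reason=bad_password",
    "2003-05-12T22:14:02 logon_failure type=3 src=192.168.1.50 user=Administrator reason=bad_password",
    "2003-05-12T22:14:03 logon_failure type=3 src=192.168.1.50 user=Administrator reason=bad_password",
    "2003-05-12T22:14:03 logon_failure type=3 src=192.168.1.50 user=Administrator reason=bad_password",
    "2003-05-12T22:15:40 logon_failure type=3 src=192.168.1.77 user=alice reason=bad_password",
    "2003-05-12T22:16:05 logon_failure type=2 src=- user=bob reason=bad_password",
    "garbage line that should be skipped",
]


def parse_event(line):
    """Parse one constructed record into a dict; return None for malformed lines."""
    parts = line.split()
    if len(parts) < 3 or parts[1] != "logon_failure":
        return None
    try:
        rec = {"ts": datetime.fromisoformat(parts[0])}
    except ValueError:
        return None
    for kv in parts[2:]:
        key, _, value = kv.partition("=")
        rec[key] = value
    if any(field not in rec for field in ("type", "src", "user")):
        return None
    return rec


def find_bursts(lines, threshold=5, window=timedelta(seconds=60)):
    """Return {(src, user): count} for every source/account pair that shows at
    least `threshold` network logon failures inside some window of `window`.

    Only logon type 3 (network) failures count, because that is how a remote
    net use attempt against IPC$ is recorded; console failures are ignored.
    """
    per_key = defaultdict(list)
    for line in lines:
        rec = parse_event(line)
        if rec and rec["type"] == "3":
            per_key[(rec["src"], rec["user"])].append(rec["ts"])

    hits = {}
    for key, times in per_key.items():
        times.sort()
        start = 0
        best = 0
        # Sliding window: advance `start` until the span fits in `window`,
        # then the densest run seen is the burst size for this pair.
        for end in range(len(times)):
            while times[end] - times[start] > window:
                start += 1
            best = max(best, end - start + 1)
        if best >= threshold:
            hits[key] = best
    return hits


def report(hits):
    """Render the findings as one line per flagged source/account pair."""
    return [
        f"possible dictionary attack: {src} -> {user} ({count} failures in window)"
        for (src, user), count in sorted(hits.items())
    ]


if __name__ == "__main__":
    for line in report(find_bursts(SAMPLE_EVENTS)):
        print(line)
```

    Run against the constructed sample, only the 192.168.1.50 / Administrator pair is reported, with seven failures in the 60-second window; the earlier stray failure from the same host falls outside the window and the single mistake from 192.168.1.77 stays below the threshold. Tune the threshold and window to your environment, and pair detection with an account lockout policy so a dictionary run locks the account long before a weak password is reached.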
