Cracking Windows Passwords Stored on Running Systems

The term password cracking refers to the process of taking a password hash and attempting to determine what the associated password was that generated that password hash. If a password’s hash cannot be reversed or decrypted to reproduce the original password, then how do attackers “crack” passwords? The attacker simply guesses what the password may have been. He then runs that guess through whatever password-hashing algorithm is used by the target system. The attacker compares the password hash generated by hashing his guess to the password hash that he is trying to crack. If the two match, then the guess was correct. If the two do not match, then the guess was incorrect. The more guesses the ...

Get Mastering Windows Network Forensics and Investigation, 2nd Edition now with the O’Reilly learning platform.

O’Reilly members experience live online training, plus books, videos, and digital content from nearly 200 publishers.