This article demonstrates one way to get and crack Windows 10 passwords. All the steps are completed on Windows 10. The last step of running the hashes through the Rainbow attack process could be replaced with John (JtR). The tools we’ll use are:
- Windows 10 Pro
Step 1. Log into the Windows 10 host and run the following command in CMD with administrative privileges:
reg save hklm\sam c:\sam.dump
reg save hklm\system c:\system.dump
Step 2. Disable the AV or add an exception (preferred). The Antivirus will almost certainly complain about (and remove) the program “mimikatz.exe”.
Step 3. Download “mimikatz” from the following URL:
Step 4. Unzip the “mimikatz” archive and execute the [32bit] “Win32\mimikatz.exe” or [64bit] “x64\mimikatz.exe”. Tip: you can double click the executable to start it.
Step 5. Run the following commands to extract the password hashes:
log hash.txt
lsadump::sam /system:c:\system.dump /sam:c:\sam.dump
Step 6. Open the “hash.txt” file to find the hashes. They aren’t presented nicely, so you need to copy/paste the hashes out yourself.
User : sally
Hash NTLM: fb7eb56be65be76eb123eb321...
Using the above as an example, I’d create a new text file that looks like this:
The Rainbow input field doesn’t allow for the user names so we need to exclude those before placing the hashes into the Rainbow system. Like this:
Step 7. Visit the website that follows and paste the hashes (only the hashes, not the usernames) into the text field. Satisfy the “Captcha” and click the “Crack Hashes” button.
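From the defender's side, steps 1 and 5 leave a recognisable trace: the same account saves both the SAM and SYSTEM hives to disk, because the lsadump::sam command needs both files. The following is an added example, not part of the original article, that flags that pairing in process-creation records (for instance Security event 4688 with command-line auditing, or Sysmon event ID 1). The event field names and the sample events are constructed for illustration.

```python
import re
from datetime import datetime, timedelta

# "reg save" of a whole credential hive. Accepts reg / reg.exe (optionally with a
# quoted full path), HKLM / HKEY_LOCAL_MACHINE, and any letter case.
# Saves of subkeys such as HKLM\SYSTEM\CurrentControlSet do not match.
REG_SAVE = re.compile(
    r'\breg(?:\.exe)?"?\s+save\s+"?(?:hklm|hkey_local_machine)\\'
    r'(sam|system|security)"?\s+"?([^"\s]+)',
    re.IGNORECASE)

# Constructed sample events; the field names (time, host, user, cmd) are assumptions.
SAMPLE_EVENTS = [
    {"time": "2024-05-01T10:00:05", "host": "WS01", "user": "alice",
     "cmd": r"reg save hklm\sam c:\sam.dump"},
    {"time": "2024-05-01T10:00:20", "host": "WS01", "user": "alice",
     "cmd": r"reg save hklm\system c:\system.dump"},
    {"time": "2024-05-01T10:03:00", "host": "WS02", "user": "bob",
     "cmd": r'"C:\Windows\System32\reg.exe" save HKLM\SOFTWARE C:\backup\sw.hiv'},
    {"time": "2024-05-01T09:00:00", "host": "WS03", "user": "carol",
     "cmd": r"reg.exe save HKLM\SYSTEM\CurrentControlSet C:\backup\ccs.hiv"},
    {"time": "2024-05-01T11:30:00", "host": "WS03", "user": "carol",
     "cmd": r"reg.exe save HKEY_LOCAL_MACHINE\SAM C:\temp\s.hiv"},
]

def detect_hive_dumps(events, window=timedelta(minutes=5)):
    """Alert when one user on one host saves both SAM and SYSTEM within `window`."""
    seen, alerts = {}, []          # seen: (host, user) -> {hive: (time, outfile)}
    for ev in sorted(events, key=lambda e: e["time"]):
        m = REG_SAVE.search(ev["cmd"])
        if not m:
            continue
        saves = seen.setdefault((ev["host"], ev["user"]), {})
        saves[m.group(1).lower()] = (datetime.fromisoformat(ev["time"]), m.group(2))
        if ("sam" in saves and "system" in saves
                and abs(saves["sam"][0] - saves["system"][0]) <= window):
            alerts.append({"host": ev["host"], "user": ev["user"],
                           "files": sorted(f for _, f in saves.values())})
            saves.clear()          # start fresh so one pair raises one alert
    return alerts

if __name__ == "__main__":
    for alert in detect_hive_dumps(SAMPLE_EVENTS):
        print(alert)
```

A lone save of the SAM hive, as on WS03 in the sample data, is still worth reviewing; the pairing only raises confidence.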