[AutoIt] Windows Password Cracker

[z3n3r]

THis simple AutoIt script bruteforces a Windows User password. It uses a dictionary file and runs mainly from console.

Its notas fast as the C port I wrote but it works fine . Not detected by most AV software.

Tweak it and get the idea

Code: [Select]

----------------------------------------------------------------------------

 AutoIt Version: 3.3.6.0
 Author:         z3ner


 Script Function:
Simple Windows Password Cracker

----------------------------------------------------------------------------
http://upload.evilzone.org/download.php?id=5290399&type=zip

[Kulverstukas]

Not bad, but moved to Other, because "Code library" is more for single blocks of code ready to be used.

Now, why does it bruteforce the passwords? such method is not very useful because it just might never hit the right one and dictionary file size must be humongous to get any kind of a believable result. Something a stealer should not be having/doing
Instead you could look into methods of obtaining the hash from SAM and reversing it with the salt obtained from SYSTEM files. But AFAIK they cannot be read while the system is running, might be some exploits though, but not sure.
You could also make it install as a service and run before the user logs in or before the system fully boots up.

Never the less, nice work +1

[z3n3r]

Well there are better methods to getting the password but I wrote this code because it works well when say you are logged in as Guest and you would like to crack the Administrator password without having to restart the machine and booting into another O.S . It works quite well for weak passwords that is.( I believe alot of normal people still use those ) and a good dictionary is needed of course.


And last time I checked Windows Systems don't log incorrect password attempts unless the Admin enables that feature.   


I used this at a local internet cafe and it worked Its dumb but it works.

[Kulverstukas]

Lol I guess if it work... I was simply brainstorming
And no, normal people use strong password, dumb people use weak ones. Specially in an internet cafe, dafuq?

[proxx]

And last time I checked Windows Systems don't log incorrect password attempts unless the Admin enables that feature.   

If you know where to look... it does by default.

As for the SAM file, we recently discussed this somewhere but the partition can be backuped up while running live.
Effectively dumping the SAM file with all the other crap (needs some code) and thus be stolen.
This possible backdoor was introduced by microsoft themselves, believe its called hypervbackup but im not sure , have to look that up.
Anyways that would be a viable attack route, have not tried myself just yet.