Author Topic: [AutoIt] Windows Password Cracker  (Read 3496 times)
z3n3r
[AutoIt] Windows Password Cracker
« on: December 19, 2013, 11:19:17 pm »
This simple AutoIt script bruteforces a Windows User password. It uses a dictionary file and runs mainly from console.

It's not as fast as the C port I wrote but it works fine :) . Not detected by most AV software.

Tweak it and get the idea :)

Code:
----------------------------------------------------------------------------

 AutoIt Version: 3.3.6.0
 Author:         z3ner


 Script Function:
Simple Windows Password Cracker

----------------------------------------------------------------------------

http://upload.evilzone.org/download.php?id=5290399&type=zip
« Last Edit: December 20, 2013, 07:40:41 am by Kulverstukas »
You'll be surprised how many stupid people there are in the world !
7 billion and counting....

Kulverstukas
Re: [AutoIt] Windows Password Cracker
« Reply #1 on: December 20, 2013, 07:46:03 am »
Not bad, but moved to Other, because "Code library" is more for single blocks of code ready to be used.

Now, why does it bruteforce the passwords? Such a method is not very useful because it just might never hit the right one and dictionary file size must be humongous to get any kind of a believable result. Something a stealer should not be having/doing :P
Instead you could look into methods of obtaining the hash from SAM and reversing it with the salt obtained from SYSTEM files. But AFAIK they cannot be read while the system is running, might be some exploits though, but not sure.
You could also make it install as a service and run before the user logs in or before the system fully boots up.

Nevertheless, nice work :) +1

z3n3r
Re: [AutoIt] Windows Password Cracker
« Reply #2 on: December 20, 2013, 09:53:35 am »
Well there are better methods of getting the password, but I wrote this code because it works well when, say, you are logged in as Guest and you would like to crack the Administrator password without having to restart the machine and boot into another O.S. It works quite well for weak passwords, that is (I believe a lot of normal people still use those), and a good dictionary is needed of course.


And last time I checked Windows Systems don't log incorrect password attempts unless the Admin enables that feature.   


I used this at a local internet cafe and it worked :) It's dumb but it works.

Kulverstukas
Re: [AutoIt] Windows Password Cracker
« Reply #3 on: December 20, 2013, 10:43:20 am »
Lol I guess if it works... I was simply brainstorming :)
And no, normal people use strong passwords, dumb people use weak ones. Especially in an internet cafe, dafuq?
« Last Edit: December 20, 2013, 10:43:38 am by Kulverstukas »

proxx
Re: [AutoIt] Windows Password Cracker
« Reply #4 on: December 20, 2013, 11:43:13 am »
Quote
And last time I checked Windows Systems don't log incorrect password attempts unless the Admin enables that feature.   

If you know where to look... it does by default.

As for the SAM file, we recently discussed this somewhere but the partition can be backed up while running live.
Effectively dumping the SAM file with all the other crap (needs some code) and thus be stolen.
This possible backdoor was introduced by Microsoft themselves, believe it's called hypervbackup but I'm not sure, have to look that up.
Anyways that would be a viable attack route, have not tried myself just yet.
« Last Edit: December 20, 2013, 11:45:26 am by proxx »
Wtf were you thinking with that signature? - Phage.
This was another little experiment *evillaughter - Proxx.
Evilception... - Phage
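
Whether failed logons get recorded is the point disputed in the replies above. As an added example (not code from the thread or its authors), here is a detector for the trace dictionary guessing leaves when logon failure auditing is on: a burst of event 4625 for one account, possibly followed by a 4624 success. The CSV layout, the sample rows and the function names are constructed for this example.

```python
import csv
from collections import defaultdict, deque
from datetime import datetime, timedelta
from io import StringIO

# Constructed sample in a hypothetical CSV export layout (not a real tool's format).
# Event IDs: 4625 = an account failed to log on, 4624 = successful logon.
SAMPLE = """time,event_id,target_user
2013-12-20T09:10:00,4625,guest
2013-12-20T09:20:00,4625,guest
2013-12-20T09:20:05,4624,guest
2013-12-20T10:00:00,4625,Administrator
2013-12-20T10:00:02,4625,Administrator
2013-12-20T10:00:04,4625,Administrator
2013-12-20T10:00:06,4625,Administrator
2013-12-20T10:00:08,4625,Administrator
2013-12-20T10:00:10,4625,Administrator
2013-12-20T10:00:12,4624,Administrator
"""

def load(text):
    """Parse the CSV export into a list of row dicts."""
    return list(csv.DictReader(StringIO(text)))

def find_guessing(rows, threshold=5, window=timedelta(seconds=60)):
    """Flag accounts with >= threshold failed logons inside `window`.

    Returns {account: {"burst_at": datetime, "success_at": datetime or None}};
    success_at is the first successful logon after the burst was detected.
    """
    recent = defaultdict(deque)   # account -> timestamps of recent failures
    alerts = {}
    for row in sorted(rows, key=lambda r: r["time"]):
        ts = datetime.fromisoformat(row["time"])
        user = row["target_user"].lower()   # Windows account names are case-insensitive
        if row["event_id"] == "4625":
            q = recent[user]
            q.append(ts)
            while ts - q[0] > window:       # drop failures older than the window
                q.popleft()
            if len(q) >= threshold and user not in alerts:
                alerts[user] = {"burst_at": ts, "success_at": None}
        elif row["event_id"] == "4624" and user in alerts:
            if alerts[user]["success_at"] is None:
                alerts[user]["success_at"] = ts   # guessing may have succeeded
    return alerts

if __name__ == "__main__":
    for user, hit in find_guessing(load(SAMPLE)).items():
        print(user, hit["burst_at"].isoformat(), hit["success_at"])
```

A burst with a non-empty `success_at` is the case to triage first; the two slow failures on `guest` in the sample stay below the threshold and are not flagged.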