Author Topic: Hashing of Windows 7 admin password  (Read 789 times)

Offline FTPPalace

Hashing of Windows 7 admin password
« on: November 21, 2014, 03:09:13 pm »
Hi all, I'm getting into hacking for fun purposes and to better both my computer skills and better protect my own data.
I managed to get the following hash from a Windows 7 machine through the sam file (samdump2) but can't seem to resolve the password for the "admin" account with either Ophcrack (loaded all vista tables) or John The Ripper (currently brute-forcing since no dictionary works but that could take a while  --> ./john hash.txt -format=nt -users=admin).


All I know is that the password is probably between 6 and 10 characters (most probably 8) and that it should be relatively simple, maybe even all numbers.


I've managed to crack my own password with Ophcrack in seconds and it is a combination of alphanum that does not mean anything. I am therefore a bit surprised not to be able to crack this one.


Can someone please either find it for me (and tell me how they did) or guide me in the right direction.


Thanks a lot for your help !



Administrateur:500:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
Invité:501:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
admin:1000:aad3b435b51404eeaad3b435b51404ee:37daed37b26be6fe6ac86ac23719aaca:::
HomeGroupUser$:1002:aad3b435b51404eeaad3b435b51404ee:9a7a1cfd02d858c7803c1f9b31a42e9c:::
LogMeInRemoteUser:1003:aad3b435b51404eeaad3b435b51404ee:e33b9ed540d6e47a55ce63d6c207417d:::


Offline Kulverstukas

Re: Hashing of Windows 7 admin password
« Reply #1 on: November 21, 2014, 04:37:29 pm »
Along with this you also need a SYSTEM file, which holds the salt.

Offline FTPPalace

Re: Hashing of Windows 7 admin password
« Reply #2 on: November 22, 2014, 07:31:08 am »
I have that file too ! So what did I do wrong and what should I do? I grabbed the full config folder and even ophcrack can't crack when I load that..

Offline Kulverstukas

Re: Hashing of Windows 7 admin password
« Reply #3 on: November 22, 2014, 12:33:09 pm »
I was using SamInside (a Windows tool) to crack them. But you would need to steal the SAM and SYSTEM files, then load them up in SamInside and you would get the keys usually in a few seconds.
What YOU did was dump the hashes which don't contain the salt and are trying to brute them without the SYSTEM file, which contains a key with which it was encrypted.

Offline FTPPalace

Re: Hashing of Windows 7 admin password
« Reply #4 on: November 23, 2014, 11:34:33 am »
OK I see what you mean about what I am trying to do now. However, in the copy/paste I provided above, isn't the first part ":........................:" the salt and the second part "....................." the hash ?


Just to clear things up: When I use Ophcrack, I point it to the config folder, meaning I suppose that it has access to both the SYSTEM and SAM files and therefore the salt as well. Yet, it does not work.


When I use John The Ripper, how could I provide it with the salt to make this brute force process faster (ETA currently displayed: June 2015 lol!)


I am also trying to use rcracki on the Hash having downloaded Numeric tables (99.9% success for lengths 1 to 8) which I guess is also a good idea. I will try SamInside as well.


In the meantime, can you comment on the different options above, which one is best and also why on earth would ophcrack not work ???


Any help is appreciated, this is soooooo frustrating !

PS: I've looked online and it seems that Windows 7 hashes do not have a salt, hence the weakness of Windows passwords.


So how can I go about getting this password ? The numeric rainbow table for 1-8 char did not work either


I uploaded the hash to onlinehashcrack.com and it found the password in a couple minutes. Obviously now it is asking me to pay for it. It says it's 8 characters so maybe I can rely on that at first. Is that website reliable ? (in which case it is crackable quite easily, I am just not doing it properly).


Thanks

Staff note: double post, whore.
« Last Edit: November 23, 2014, 12:18:44 pm by Kulverstukas »