So, this took a while for me to put together, but it worked out good. Refer below for further resource. I will am tryin to get my hands on the v2.2 so I can post another Tut for Win8. Otherwise, this works good for Win7. Rock On!
Here, we will be bypassing the normal Windows 7 Password authentication and then extracting the SAM database password Hashes. We will also take a little scenic route and grab the saved passwords out of the Firefox browser.
Here are the items we will use:
-USB Drive (small is okay)
This will be the attack vector
This will write the Floppy image of Kon-Boot to the USB Drive.
-Kon-Boot Commercial Edition v2.0
I will not post illegal warez files, so you are going to have to find this one on your own. There be pirates.
-fgdump (fizzgig dump)
This will extract the SAM Password Hashes for Windows Users and we can take them with us.
-irongeek supplemental Kon-Boot files
We need these because of an issue v2.0 was having with booting on certain computers such as my own.
-Pre-Calculated NTLM Hash Tables:
Note: You can use the free version of 2.0, but it will only work on the following:
Microsoft Windows XP Home Edition (Service Pack 2+) 32/64Bit
Microsoft Windows Vista Home Basic 32Bit
Microsoft Windows Vista Home Premium 32Bit
Microsoft Windows Vista Business 32Bit
Microsoft Windows Vista Enterprise 32Bit
Microsoft Windows Server 2003 Standard 32Bit
Microsoft Windows Server 2003 Datacenter 32Bit
Microsoft Windows Server 2003 Enterprise 32Bit
Microsoft Windows Server 2003 Web Edition 32Bit
Microsoft Windows Server 2008 Standard 32Bit
Microsoft Windows Server 2008 Datacenter 32Bit
Microsoft Windows Server 2008 Enterprise 32Bit
- Put in your Thumb-Drive and format it to FAT.
- Disable your Anti-Virus.
- Start Unetbootin, make sure it is set on your USB Drive. Then choose the Kon-Boot Floppy disk image. Hit “OK”
- After unzipping, copy IronGeek files to USB and overwrite.
- Copy fgdump.exe to USB Drive.
- Boot victim PC with USB drive in.
- Go to BIOS settings and make sure it is set to boot from USB.
- Boot into Kon-Boot.
- Choose “1st Kon-Boot” (You may have to run this twice?)
- Then Choose “2nd Try boot from C: on HD1″ (You may have to run “1st Kon-Boot” and then HD2, or HD3, etc if the first doesn’t work)
- Get to windows Login and you can put in any password, or leave it blank.
- When windows is done loading, open your USB drive, right-click on fgdump.exe and “Run as Admin” This will dump the Hash file into a file called 127.0.0.1.
- Later on your own computer, you can open this with notepad and use the NTLM Hash Table Sites, or crunch your own Rainbow Tables.