How to learn the password in the local area network

How to learn the password in the local area network

In Windows XP the passwords (more precisely – a hash function of passwords) are stored in the SAM file which is in system32 folder. The operating system does not give the chance to view this file. The main ways to recognize the admin password by a local area network are the traffic sniffing used for interception of a hash of passwords and search of passwords to shares.

It is required to you

  • - program-sniffer;
  • - smbrelay utility;
  • - utility for search of passwords.


1. Send the letter in a HTML-view to the administrator of the remote computer. Place the link in the letter, for example, on the drawing which is on share of your computer. After the e-mail client opens the letter, a request for opening of the file from share will be sent. During connection of share when using the smbrelay utility intercept LanMan a hash.

2. If the built-in Guest account is not blocked (respectively? access to the system registry is allowed), place in the shared folder intended for file sharing, the program for remote administration. In a registry key of HKCU\Software\Microsoft\Windows\CurrentVersion\Run create parameter with the indication of path to this program.

3. For implementation of means of remote administration use an error of "Conductor" when processing expansions of files. Create the batch file with the name Readme.txt which will create share with full access to a disk C. Assign it the name which will not cause suspicions, for example, of TEMP$. At the same time the started file will be displayed with the txt extension, and in one folder with it there will be a program for remote control of the computer.

4. To learn the admin password of the computer running the Windows NT/2000 operating system, use one of utilities for search of passwords: NAT, RedShadow, Brurus-AE or any other which can be found in free access on the Internet. Passwords at the same time can be touched both according to the dictionary, and by means of simple search. And the second way is the most effective.

Author: «MirrorInfo» Dream Team