The Shocking Ease of Cracking Windows 11 Passwords

Enderman

27 Oct 202414:27

Summary

TLDRThis video demonstrates how to crack Windows 11 passwords by exploiting weaknesses in its password storage method. It explains how Windows stores passwords as unsalted MD4 hashes, which are vulnerable to attacks using precomputed hash databases. The process involves decrypting the LSA key from the Windows registry, obtaining the NT hash, and using tools like CrackStation and Hashcat to crack the password. The tutorial highlights the security risks posed by unsalted hashes and emphasizes the importance of salting passwords to prevent easy exploitation. The video serves as an educational warning about Windows password vulnerabilities.

Takeaways

😀 Windows stores passwords using outdated and unsalted MD4 hashes, which are vulnerable to attacks.
😀 MD4 was published in 1990 and has known security weaknesses, including the potential for hash collisions.
😀 Passwords in Windows are hashed using a one-way function, making it hard to directly reverse the hash back to the password.
😀 Without salting, attackers can use precomputed hash databases or rainbow tables to quickly crack passwords.
😀 Modern systems should use stronger hashing algorithms like bcrypt, not MD4, for better security.
😀 The LSA key is crucial in decrypting boot keys and accessing password hashes stored in the SAM (Security Account Manager).
😀 To crack the password, the LSA key must be extracted from the Windows registry, which contains key information.
😀 The video demonstrates how the Windows registry stores parts of the LSA key in unusual ways, like hidden class names.
😀 After extracting the correct LSA key, the NT hash can be decrypted, revealing the user's password hash.
😀 Tools like CrackStation.net can be used to crack the MD4 hash by looking it up in precomputed hash databases.
😀 It’s important to secure your passwords, as weak hashing practices can make them easily accessible to attackers.

Q & A

Why is it necessary to crack a password in Windows 11 if it's easy to reset it?
-The reason to crack a password instead of simply resetting it is that resetting the password does not reveal the original password. Cracking the password allows the user to retrieve the original password, which might be useful for various purposes like accessing encrypted data or verifying the security of a system.
What is the purpose of hashing in password storage?
-Hashing is used to store passwords in a secure manner. A hash function converts a password into a fixed-length string of gibberish that cannot be reversed back into the original password, ensuring that even if a system is breached, the actual password remains secure.
What does the term 'salted' mean in relation to hashed passwords?
-Salting refers to adding random data (a salt) to a password before hashing it. This prevents attackers from using pre-computed hash databases (like rainbow tables) to quickly crack passwords by ensuring that even if two users have the same password, their hashed versions will be different.
What is the significance of the MD4 hashing algorithm in Windows password storage?
-MD4 is a hashing algorithm used by Windows to store passwords. However, it is considered weak and outdated. Its vulnerability is further compounded by the fact that Microsoft does not use salting, meaning attackers can use pre-computed hash databases to easily crack passwords stored with MD4.
Why does the video criticize Microsoft for using MD4 in Windows 11?
-The criticism stems from the fact that MD4 is an outdated hashing algorithm, first published in 1990. It has been compromised for decades, and Microsoft continues to use it in Windows 11, which exposes user passwords to security risks, especially since MD4 is unsalted.
What is the role of the LSA key in Windows security?
-The LSA (Local Security Authority) key is used in Windows to decrypt the boot key, which is then used to decrypt stored password hashes. The LSA key is crucial for accessing encrypted information about user accounts and their associated passwords in Windows.
What are the NTLM and LM hashes, and how are they used in Windows?
-NTLM (New Technology LAN Manager) and LM (LAN Manager) are two types of password hashes used in Windows. NTLM is the more modern and relevant hash, while LM is outdated and rarely used after Windows Vista. The video focuses on NTLM, as it's the current method for storing password hashes in Windows systems.
What makes NTLM hashes vulnerable to cracking?
-NTLM hashes are vulnerable because they are stored unsalted using the MD4 hashing algorithm, which is easily cracked using pre-computed hash databases or dictionary attacks. Additionally, the lack of proper security measures like salting and modern encryption makes these hashes particularly weak.
How does the video demonstrate the process of cracking a Windows 11 password?
-The video demonstrates password cracking by first decrypting the boot key using the LSA key, then accessing the NTLM hash of the password stored in the system. Once the hash is obtained, it is run through a hash database to retrieve the original password.
What software is recommended for cracking Windows password hashes, and why?
-The video recommends using Hashcat, a free software that supports both LM and NTLM hashes. It is suggested because of its capability to run powerful attacks, including dictionary and mask attacks, on a GPU, making it effective at cracking even more complex hashes.