Hack Windows Password in Clear Text using Mimikatz and Windows Credentials Editor

Mimikatz

mimikatz is a tool to check Windows security. It’s now well known to extract plaintexts passwords, hash, PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash, pass-the-ticket or build Golden tickets.

First Download mimikatz windows version from here. And right click on it & Run it as Administrator.

It will open mimikatz windows.

Type the following command to check  privilege

privilege::debug

Now type the following command to get users passwords in text mode.

sekurlsa::logonPasswords

Windows Credentials Editor

Windows Credentials Editor (WCE) is a security tool that allows to list Windows logon sessions and add, change, list and delete associated credentials (e.g.: LM/NT hashes, Kerberos tickets and clear text passwords).

First Download WCE from here.

Go to WCE directory & execute the following command as Administrator. And run the following command

 wce.exe -w It will show the password in plaintext.

How to Find your IMEI No. of Your Lost Android Phone

From Wikipedia

The International Mobile Station Equipment Identity or IMEI is a number, usually unique, to identify 3GPP (i.e., GSM, UMTS and LTE) and iDEN mobile phones, as well as some satellite phones. It is usually found printed inside the battery compartment of the phone, but can also be displayed on-screen on most phones by entering *#06#on the dial pad, or alongside other system information in the settings menu on Smartphone operating systems.

The IMEI number is used by a GSM network to identify valid devices and therefore can be used for stopping a stolen phone from accessing that network. For example, if a mobile phone is stolen, the owner can call his or her network provider and instruct them to “blacklist” the phone using its IMEI number. This renders the phone useless on that network and sometimes other networks too, whether or not the phone’s SIM is changed.

The IMEI is only used for identifying the device and has no permanent or semi-permanent relation to the subscriber. Instead, the subscriber is identified by transmission of an IMSI number, which is stored on a SIM card that can (in theory) be transferred to any handset. However, many network and security features are enabled by knowing the current device being used by a subscriber.

Open google.com/settings, sign-in with your Google account and expand the Android tab.

 

How to use Your Pen drive as a Password in Windows 7

Insert the Pen drive in Your PC
Now Open the Run Dialog box and Type ‘compmgmt.msc ‘ and click OK button.

Select ‘Disk Management’ in left panel of computer management.

Right click your pen drive and select ‘Change Drive Letter and Paths’

Click the change button and Change Drive Letter Select A and click OK button. Now your pen drive act like a Floppy Disk.

Open Run Dialog box type syskey

Click on Update

Select ‘Store Startup Key on Floppy Disk’ and click OK button.

Finally, when you start your PC you need to insert pendrive. Without Pendrive you will not able to access your computer. So keep this Pendrive as PC password Protected safe

Sommay jain is a budding lawyer. He likes to discover new facts and tools. He has performed the role of a trainee, developer, programmer, cyber law expert. His interests are mainly in IT business, and management.

Network Penetration Testing using Android Phone (zANTI Tutorial Part 1)

zANTI is a mobile penetration testing toolkit that lets security managers assess the risk level of a network with the push of a button. This easy to use mobile toolkit enables IT Security Administrators to simulate an advanced attacker to identify the malicious techniques they use in the wild to compromise the corporate network.

First download from here and install the app in your android phone.

Press start now and then skips the next step.

Move ahead by clicking next and then select the check box to enable penetration testing and press finish.

The next window will show you all the computer and mobiles connected in your network.

Select the desired connected victim from the list. In my case, victim ip is 192.168.0.102

You can see the available actions to scan the victim’s pc. Now click on scan button

Turn on smart scanning and proceed further

Check the scan log.

You can now see the list of open ports of the victim’s pc.

For more information about the penetration testing  of network using zANTI, wait for the upcoming arcticle of the series.

Author: Sommay jain is a budding lawyer. He likes to discover new facts and tools. He has performed the role of a trainee, developer, programmer, cyber law expert. His interests are mainly in IT business, and management.