Importing Password Hashes

Parent Previous Next


Approaches to importing password hashes differ depending on where the password resides on the computer and your ability to access them.


L0phtCrack 7 can import password hashes directly from remote machines, from the local file system, from SAM, pwdump, or shadow files, and from Active Directory. Obtaining passwords over the network requires network access and administrator privileges to the target machine, as detailed below.


To begin the import process select Import from the Passwords Menu Sidebar on the left hand side of the main screen. When Import is selected you will see the main window display the Import Mechanisms. When you select an Import Mechanism you will see the right side of the main window change to a dialog for the inputs required such as file and machine names.


After you input the required filenames, hostnames and options for an Import Mechanism you will see the action buttons Run Import Immediately and Add Import To Queue ungray and become active. At this point you will likely press Run Import Immediately to perform the import action. Optionally you can press Add Import to Queue to build a queue. This is described in the Using Queues section below.


Next:


Import from Local Machine
For information on getting password hashes from the computer on which L0phtCrack 7 is installed.


Import from Remote Machine
For information on getting password hashes from another machine on your network.


Import from Unix/BSD/Solaris/AIX password/shadow File
To import Unix passwords hashes from a file on disk


Import from PWDump-style file
To import Windows password hashes from a file on disk


Import from SAM/SYSTEM files
To import Windows local user passwords from a registry backup


Import from NTDS.DIT/SYSTEM files

To import Windows domain passwords from a NTDS.DIT and SYSTEM registry backup