*DISCLAIMER FOR YOUTUBE:*
THIS VIDEO DOES NOT CONDONE OR PROMOTE HACKING OR ANY OTHER ILLEGAL ACTIVITIES.
CRACKING PASSWORDS ON THE COMPUTERS YOU DO NOT OWN IS A FELONY.
Hello, my friends! Let’s hit 20K likes? Check out my website!
Today I am going to show you the Windows password hashing algorithm, explain how it works and compromise the Security Account Manager store in the latest version of Windows 11. Did you know your local password in Windows is stored as an unsalted MD4 hash? Don’t be surprised if your password gets stolen.
*Links:*
Hashcat —
SAMReader —
*Password:*
mysubsarethebest
Still got questions? Don’t hesitate, send them to contact@enderman.ch!
Hope you have a great day!
#endermanch #experiments #windows
[ad_2]
source
The handling of passwords in a Microsoft OS is complex because they use passwords for many usages. The OS (or its domain controller) will store a hashed version of the password, but there are also values which are symmetrically encrypted with keys derived from the password or from the hash thereof. The authentication protocols do not include provisions for exchanging salts when some hashing must occur client side. It is difficult to alter the password processing algorithms without impacting a lot of subsystems and potentially breaking the backward compatibility, which is the driving force of the Windows ecosystem.
It goes down to strategic priorities. Microsoft knows that altering password hashing and authentication protocols to include a salt will have some non-negligible costs which they would have to assume (by fixing all the components which are thus affected). On the other hand, not changing the password hashing is rather "free" for them, because a flaky hashing algorithm will not convince customers to switch to other non-Microsoft systems (the OS market is, in practice, a captive market); it takes a lot more to force potential customers to envision an OS switch which is very expensive. Also, password hashing can arguably be qualified as "defence in depth", a second layer which has any impact only once a breach already occurred; as such, it could be presented as being of secondary importance. Therefore, it is logical, if irritating, that Microsoft does not update its poor password processing practices.
Historically, Microsoft did only one update, when they switched from NTLM v1 to v2, and it was kind of necessary because the older LM hash was so weak that it was beginning to be embarrassing. My guess is that it involved a lot of internal hassle and they are not eager to do it again.
Well, you know what they say: "Windows security keeps only the honest people out"…
Microsoft, no… Not security through obfuscation…
Now THATS why i use Temple os
downloading a copy of this video before it gets taken down
Brilliant! Love the way you explain things. Someone once said – if you can’t explain it to a five year old then you don’t understand it.
And that’s exactly how you explain things. So simply. That’s very rare in the IT world.
My only negative is you said wallah instead of voila 12:54 😉
I know zero about computers. But don't you need the password to get into the machine you want to find the password for?
Mmm.
=====
Have to put the following or my commentary gets cut by the YT AI Robocop:
For entertainment/educational purposes only.
You're getting locked up
That's because Windows 10 and upwards aren't operating system anymore
they have become giant spying devices . . look for their new owners
"More secure and realible"
With Kernel Level Spyware And More Shity Bloat
enderman whats your favorite minecraft mob
I think he is a russian using english to entertain a korean person who uses english more than korean.
can i ask what programming languages do you know?
They gotta be doing this on purpose because ain’t no way a company that big is making a mistake this easy to fix. 😂
Insane…
Video previous title is cracking windows 11 passwords
bro really said: "Yeah Im not getting another strike, Im going all in on the disclaimers" 😂
I like the voice videos
OK so how did you FIND this?
Anyway is much more secure than Windows 9x security.
Password? Cancel button
Чувак! Я сделал это!! Конечно в твоём коде было несколько недочётов и ошибок, например Crypto.Cipher и Crypto.Hasj и вместо sam.utils надо было просто utils, но в остальном всё работает!!