Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/Banaanhangwagen/WINHELLO2hashcat
Last synced: 3 months ago
- Host: GitHub
- URL: https://github.com/Banaanhangwagen/WINHELLO2hashcat
- Owner: Banaanhangwagen
- Created: 2021-11-15T08:11:28.000Z (about 3 years ago)
- Default Branch: main
- Last Pushed: 2022-04-22T13:57:48.000Z (over 2 years ago)
- Last Synced: 2024-08-02T07:11:35.741Z (6 months ago)
- Language: Python
- Size: 40 KB
- Stars: 63
- Watchers: 3
- Forks: 6
- Open Issues: 0
Metadata Files:
- Readme: README.md
Awesome Lists containing this project
- awesome-password-cracking - WINHELLO2hashcat - With this tool one can extract the "hash" from a WINDOWS HELLO PIN. This hash can be cracked with Hashcat. (Conversion)
README
# WINHELLO2hashcat
## About
With this tool one can extract the "hash" from a WINDOWS HELLO PIN. This hash can be cracked with [Hashcat](https://hashcat.net), more precisely with the plugin `-m 28100`.
This tool is extensively tested with:
- WIN_10 21H1 and 21H2
- WIN_11

Please read this post for more information: https://hashcat.net/forum/thread-10461.html
## Requirements
The Python-package `dpapick3` is needed.
## Usage
```
λ python WINHELLO2hashcat.py --help
usage: WINHELLO2hashcat.py [--verbose] --cryptokeys --masterkey --system --security [--pinguid |--ngc ] [--software ]

optional arguments:
-h, --help show this help message and exit
--verbose Verbose mode
--cryptokeys CRYPTOKEYS
The "\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Crypto\Keys" directory
--masterkey MASTERKEY
The "\Windows\System32\Microsoft\Protect\S-1-5-18\User" directory
--system SYSTEM The "\Windows\System32\config\SYSTEM" hive"
--security SECURITY The "\Windows\System32\config\SECURITY" hive"
--pinguid PINGUID The PIN guid
--ngc NGC The "\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Ngc" directory
--software SOFTWARE The "\Windows\System32\config\SOFTWARE" hive"
--windows PATH The windows offline directory. It will autodetect the system, security, masterkey, cryptokeys, ngc and software arguments
```
- **CRYPTOKEYS**-folder, **MASTERKEY**-folder, **SYSTEM** and **SECURITY** hives are mandatory
- **NGC**-folder or PIN_GUID is mandatory.
- **SOFTWARE** hive is optional; only needed to print the username
## Remarks
- On systems with a TPM (hardware or firmware versions), this script will **not** work because the needed keys are protected.
- When working with a mounted or live image, this script needs to be executed as an **admin** and the NGC-folder requires **SYSTEM-privilege**.
- Use these two commands first so that the script can correctly access the NGC-folder:
```
TAKEOWN /f %windir%\ServiceProfiles\LocalService\AppData\Local\Microsoft\Ngc /r /D Y
ICACLS %windir%\ServiceProfiles\LocalService\AppData\Local\Microsoft\Ngc /grant "%username%":(F) /t
```
- Screenshot of login screen where PIN is asked. Notice that Windows does an auto-enter after the correct number of digits is entered.
- Screenshot of login where PIN is asked, but this time there is a letter/symbol added. Notice that there is **no auto-enter** anymore, but an arrow is added to the field.
- This script is provided as-is. Please report any issues.
- Happy cracking!