Sam File copying Sp6 NT.4


  1. #1
    Junior Member
    Join Date
    Oct 2002
    Posts
    6

    Sam File copying Sp6 NT.4

    I was wondering if anyone knows of a way to bypass the sp6 SAM file protection - since the update [not sure which] protects the SAM file from being copied. Thanks

  2. #2
    AO übergeek phishphreek's Avatar
    Join Date
    Jan 2002
    Posts
    4,325
    Never really tried, but this link looks promising...

    I hope you are doing this on your own box... I'd hate to be giving out info to someone with malicious intent. I have played around a lot on my own boxes, so I will give you the benefit of the doubt...

    Link

    quick quote

    § Obtaining the SAM\Password Hashes

    Wow, how wonderful. Now we know where the goods are, and the problem is this...
    "How do I get my hands on those hashes?" The answer is "One of four ways."

    1) Probably the easiest way to do this is to boot your target machine to an
    alternate OS like NTFSDOS or Linux and just copy the SAM from the
    %systemroot%\system32\config folder. It's quick, it's easy, and it's effective.
    You can get a copy of NTFSDOS from Sysinternals (http://www.sysinternals.com).
    The regular version of NTFSDOS is freeware, which is always nice, but only allows
    for Read-Only access. This should be fine for what you want to do; however, if
    you're the kind of person that just has to have total control and has some money to
    burn, NTFSDOS Pro, which is also by Sysinternals, has read/write access, but it'll
    cost you $299.

    2) Once again, you may be able to obtain the SAM from %systemroot%\repair if rdisk
    has been run and you are lucky enough to have a sloppy admin.

    3) You can also get password hashes by using pwdump2. pwdump uses .DLL injection in
    order to use the system account to view the password hashes stored in the registry.
    It then pulls the hashes from the registry and stores them in a handy little text
    file that you can then import into a password cracking utility like l0phtcrack.

    4) The final way to obtain password hashes is to listen directly to the network
    traffic as it floats by your computer and grab hashes using the above mentioned
    l0phtcrack.

    check out this... there were many many more links

    Maybe you should try to run rdisk, and then you'd have access to the back file?

    Read on, it is all there...

  3. #3
    AO übergeek phishphreek's Avatar
    Join Date
    Jan 2002
    Posts
    4,325
    ***********************************
    My question is...

    How can you stop someone from doing this?

    I guess you could disable booting to floppy/cd-rom, then lock the bios and put a lock on the case?

    Any other ideas?

  4. #4
    Senior Member
    Join Date
    Nov 2001
    Posts
    4,786
    **************
    I guess you could disable booting to floppy/cd-rom, then lock the bios and put a lock on the case?

    *************

    that seems to be a part of security that people don't take seriously enough. they spend 15 thousand on a firewall and 12.95 on a lock for the server room door...go figure.

    the main door to our building is of the type you can push open from the inside when it's locked. I showed them how it could be opened from the outside with a bent rod with the bend hammered flat...nadda. At least I got them to get solid locks for the server closet and they're building a secure room (heavy ac, yes!) for the new rack servers.

  5. #5
    Fastest Thing Alive s0nIc's Avatar
    Join Date
    Sep 2001
    Location
    Sydney
    Posts
    1,584
    hmmm well for us, we disabled booting from floppy and passworded the cmos for our workstations, and oh, we also have surveillance cameras and a huge ass 1-way tinted glass window so we can see everything that's happening from the admin room and we have barred windows and motion detectors. and for our admin room. we also have a hidden camera, windows are barred, we have a motion detector in case no one is left in the room. so if someone tries to break in.. motion detectors will pick it up and sets off the alarm (also sends an SMS message to our mobile phones or pagers) and we have his/her arse on tape hehehe..
