
Thread: How do apps reset NT passes offline?

  1. #1
    Senior Member
    Join Date
    Feb 2003

    Question How do apps reset NT passes offline?

    I was wondering if anyone knows how applications like ERD Commander and LostPassword's WinKey reset the passwords of NT user accounts on syskey-enabled machines (syskey passes stored on machine). I know they mount the SAM, but shouldn't it be encrypted?

  2. #2
    Senior Member
    Join Date
    Jan 2002
    The system needs to keep the password hashes in some form it can read. Otherwise it wouldn't be able to let you log in. Therefore, it needs to keep the key somewhere.

    AFAIK, the syskey is stored somewhere else in the SAM, so utilities can use it.

    As far as resetting the passwords is concerned, according to this doc


    If you insert old-style (i.e. unencrypted) entries into the SAM, Win2k automatically converts them on bootup into "proper" encrypted ones, which means you can then log in as those users.

    It is futile to think you can protect a system from an attacker with physical access.
