Results 1 to 2 of 2

Thread: How do apps reset NT passes offline?

  1. March 17th, 2003, 11:11 PM #1
    infosecguru2
    infosecguru2 is offline
    Senior Member
    Join Date
    Feb 2003
    Posts
    109

    Question How do apps reset NT passes offline?

    I was wondering if anyone knows how applications like ERD Commander and LostPassword's WinKey reset the passwords of NT user accounts of syskey enabled machines(syskey passes stored on machine). I know they mount the SAM, but shouldn't it be encrypted?
    Reply With Quote Reply With Quote
  2. March 18th, 2003, 12:03 AM #2
    slarty
    slarty is offline
    Senior Member
    Join Date
    Jan 2002
    Posts
    1,207
    The system needs to keep the password hashes in some form it can read. Otherwise it wouldn't be able to let you log in. Therefore, it needs to keep the key somewhere.

    AFAIK, the syskey is stored somewhere else in the SAM, so utilities can use it.

    As far as resetting the passwords is concerned, according to this doc

    http://home.eunet.no/~pnordahl/ntpasswd/syskey.txt

    If you insert old-style (i.e. unencrypted) entries into the SAM, Win2k automatically converts them on bootup into "proper" encrypted ones, which means you can then log in as those users.

    It is futile to think you can protect a system from an attacker with physical access.
    Reply With Quote Reply With Quote
« Previous Thread | Next Thread »

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Forum Rules