How to crack an NT4 SAM database?
Results 1 to 6 of 6

Thread: How to crack an NT4 SAM database?

  1. #1
    Junior Member
    Join Date
    Dec 2001
    Posts
    8

    How to crack an NT4 SAM database?

    I remember there was a tool out that allowed one to decrypt the passwords in a Windows NT 4 Server's database. Can anyone advise me on this or what tool I can use?

    Share on Google+

  2. #2
    Senior Member
    Join Date
    Apr 2003
    Posts
    147
    Provided what your doing is legal, morally sound or for educational purposes (prefeably all three) you can get lopht crack. Correct me if I'm wrong but I think you can downlaod older versions of this tool for free from many sites (maybe even this one) If I find it I'll let you know.

    It won't decrypt the passwords just like that, it uses password lists and if those fail it trys every possible combination of characters. depending on the system running it, it may take some time. I'm sure there's others as well.
    Share on Google+

  3. #3
    Fastest Thing Alive s0nIc's Avatar
    Join Date
    Sep 2001
    Location
    Sydney
    Posts
    1,584
    Originally, it was l0pht crack that was used to crack the SAM files but then MS re-enforced a stronger encryption method, so i doubt you can do thesame attack unless the computer is unpatched.
    Share on Google+

  4. #4
    Senior Member
    Join Date
    Apr 2003
    Posts
    147
    yeah, I think SP3 is the barrier for the simple attacks, sorry.
    Share on Google+

  5. #5
    Senior Member Wazz's Avatar
    Join Date
    Apr 2003
    Posts
    288
    As long as this is on your own system (Ahhem), PWDump 3 will dump the hash from the registry (with Admin rights of course), and L0phT Crack (LC4) will do it. A dictionary based attack will most likely Not work, but I brute forced my own in just under 3 days......A very nice tool...now, it would take 63 years (and some odd days), to crack my password....Happy (legal) Cracking.......
    "It is a shame that stupidity is not painful" - Anton LaVey
    Share on Google+

  6. #6
    Now, RFC Compliant! Noia's Avatar
    Join Date
    Jan 2002
    Posts
    1,210
    hmmm.
    I got hold of the Cracklig dictionary and ran it against my password, took 30 minuts just to get to EOF, and then moved to Brute Force......I gave up when it said it would take 168 weeks...
    Oh well...LC4 is a great tool for auditing your system to make sure every user has secure passwords, and you don't need PWDump, LC3 and 4 can dump in on the local machine, or retrive it from remote machines provided Syskey is running. How ever, with the new improvments from M$ you can only get the SAM through the GUI if you have Admin rights, so if your out to crack the Admin password at your school then your fresh outa luck :P

    - Noia
    With all the subtlety of an artillery barrage / Follow blindly, for the true path is sketchy at best. .:Bring OS X to x86!:.
    Og ingen kan minnast dei linne drag i dronningas andlet den fagre dag Då landet her kvilte i heilag fred og alle hadde kjærleik å elske med.
    Share on Google+

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •