Sam File

Thread: Sam File

  1. #1
    The Recidivist
    Join Date
    Nov 2002
    Posts
    460

    Sam File

    I was reading somewhere that the SAM file in Windows is the passwords in a hash. There are programs available that will crack these for you by hashing a supplied list of words and comparing them against the hashes in the file you are trying to decrypt. Then I read that Microsoft did something to make this process a lot harder and that available software will no longer work. Is this true, and what exactly did Microsoft do to prevent these types of attacks? I do not want the program that does this, just information concerning how they prevented this. Also, when you have IE save passwords for you (AUTO something, I believe), does this also go into some encrypted file, or is this available in plain text for anyone who knows where to look?


    hjack
    "Where the tree of knowledge stands, there is always paradise": thus speak the oldest and the youngest serpents.
    - Friedrich Nietzsche

  2. #2
    Senior Member geepod's Avatar
    Join Date
    Jun 2002
    Posts
    211

    The SAM

    The SAM is the Security Accounts Manager, which is like the doorman at a nightclub with his clipboard for who can come in or not. It is a database that contains the accounts and passwords and rights on the system. It is not used in all Windows systems, like 95 or 98, but it is used in NT-based systems.
    Yes, there are well-documented tools for enumeration of the accounts from the file, the most famous being L0phtCrack from the infamous and previous L0pht Heavy Industries (created, I believe, by Dr. Mudge), who is now a sought-after security consultant who works for @stake now.
    Microsoft did fix the hash problem, sort of, with Windows 2000, as that now uses Kerberos (from Cerberus, the three-headed gatekeeper in Greek mythology).

    However, I believe it still stores hash information for backward compatibility, and indeed there are new tools for Win2k security enumeration (LC4 etc. etc.).

    anyway hope this helps
    Our destiny is to endure all hardships that we encounter along the path to what we perceive to be true and worthwhile !

    The Head foundation
    Please give generously

  3. #3
    Junior Member
    Join Date
    Feb 2003
    Posts
    27
    Yes, passwords are saved in both plain text as well as encrypted, I believe. I just read about this from someone's tut in the last few days. All IE usage is saved in a "hidden" folder only accessible through DOS. Someone help with the thread, I can't find it and am running late for work.
    [shadow]Who cares if it works, I just want to know WHY![/shadow]

  4. #4
    Senior Member geepod's Avatar
    Join Date
    Jun 2002
    Posts
    211
    Well, the passwords are not stored as plain text! They are stored using a hashing algorithm.

    But I think I know what you mean!
    Our destiny is to endure all hardships that we encounter along the path to what we perceive to be true and worthwhile !

    The Head foundation
    Please give generously

  5. #5
    Senior Member RoadClosed's Avatar
    Join Date
    Jun 2003
    Posts
    3,834

    Backwards

    Yes, MS fixed the hashing problem in Windows 2000; however, it was designed to work with NT machines, so backward compatibility is turned on by default. So your really difficult password is encrypted for Windows 2000 just fine and dandy, and then a copy is stored with the old NT hashing scheme and converted to all uppercase. We all agree that it is EASY to break with a few tools or some extensive know-how.

    This entire situation is left over from LAN Manager, a pre-NT OS that added network features to Microsoft and was then incorporated into NT. LAN Manager is still around and you can turn it off, but be warned! Some stuff will stop working, and you have to take extra steps to make sure hashing is still not being copied, because that process still happens on certain OS machines. I don't even have it turned off, yet... it's time-consuming and complicated. I keep hoping MS will release some magical tool to do it for me.

    It is possible to completely disable LAN Manager and LMhash and use a newer, more secure version of it. Here are some articles on the subject. Have fun, I am too scared to do this since I have many, many NT stations. Has anyone been successful at it??

    "How to Disable LM Authentication on Windows NT [Q147706]"
    "LMCompatibilityLevel and Its Effects [Q175641]"
    "How to Enable NTLMv2 Authentication for Windows 95/98/2000/NT [Q239869]."

    TechNet also has some articles: www.technet.com
    West of House
    You are standing in an open field west of a white house, with a boarded front door.
    There is a small mailbox here.
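
The LM settings discussed in post #5 can be checked per host before anything is changed. The following is an added example, not code from any poster in this thread: it parses saved output of `reg query HKLM\SYSTEM\CurrentControlSet\Control\Lsa` and flags hosts that still send LM/NTLM responses or may still store an LM hash. The sample output is constructed, and `NoLMHash` is a standard Lsa value that the thread itself does not name.

```python
import re

# Documented meanings of LmCompatibilityLevel (the setting covered by Q175641).
LEVELS = {
    0: "sends LM and NTLM responses",
    1: "sends LM and NTLM; NTLMv2 session security only if negotiated",
    2: "sends NTLM response only",
    3: "sends NTLMv2 response only",
    4: "sends NTLMv2 only; domain controllers refuse LM",
    5: "sends NTLMv2 only; domain controllers refuse LM and NTLM",
}

# One value line of `reg query` output: indent, name, type, hex data.
VALUE_RE = re.compile(r"^\s+(\S+)\s+REG_DWORD\s+(0x[0-9a-fA-F]+)\s*$")

# Constructed sample, not captured from a real machine.
SAMPLE = r"""HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
    LmCompatibilityLevel    REG_DWORD    0x1
    NoLMHash    REG_DWORD    0x0
"""

def parse_reg_query(text):
    """Return {lowercased value name: int} for every REG_DWORD line."""
    values = {}
    for line in text.splitlines():
        m = VALUE_RE.match(line)
        if m:
            values[m.group(1).lower()] = int(m.group(2), 16)
    return values

def audit_lsa(text):
    """Return findings; an empty list means both settings are hardened."""
    v = parse_reg_query(text)
    findings = []
    level = v.get("lmcompatibilitylevel")
    if level is None:
        findings.append("LmCompatibilityLevel not set: OS default applies, verify it")
    elif level not in LEVELS:
        findings.append(f"LmCompatibilityLevel={level}: unknown value")
    elif level < 3:
        findings.append(f"LmCompatibilityLevel={level}: {LEVELS[level]}")
    # Assumption: hosts of the NT/2000/XP era, where an absent NoLMHash
    # means the LM hash is still written alongside the NT hash.
    if v.get("nolmhash", 0) != 1:
        findings.append("NoLMHash not enabled: LM hash may still be stored")
    return findings

if __name__ == "__main__":
    for finding in audit_lsa(SAMPLE):
        print(finding)
```

Setting `NoLMHash` only takes effect at the next password change, so existing LM hashes remain until each account's password is reset.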
