Win XP SAM files - Page 2
Page 2 of 3 FirstFirst 123 LastLast
Results 11 to 20 of 21

Thread: Win XP SAM files

  1. #11
    Junior Member
    Join Date
    May 2003
    Posts
    12
    what are common local machine passwords that would be stored? like logon for the users? maybe screen savers? what about any passwords that would be from sites for example like this forum how it can auto log you on, those would be stored in cookies or somewhere else right. sooo its been awhile since i set alot of local machine passwords since ususally im the only one to use my comp. what other local passwords might you find?

  2. #12
    Junior Member
    Join Date
    Feb 2003
    Posts
    14
    for example if ur brother suppose has a password protected user account as a guest on ur pc and u have the administrator account on the same pc. The password by which ur brother use to login into his account that password is saved in the SAM file as well as urs.
    There are only two things which are finite, one is the universe and the second is the human stupidity.

  3. #13
    Junior Member
    Join Date
    May 2003
    Posts
    12
    yeah i know that any users that make other account to use the computer the passwords goto the SAM, but is there any other passwords that you would find in there. or is the SAM only for account/user passwords? nothing to do once they log in and start putting in passwords for whatever else they might be doing?

  4. #14
    Junior Member
    Join Date
    Feb 2003
    Posts
    14
    Only user account password. But there are some other programs which can do the job for u like the passwords which are saved in the cookies.
    There are only two things which are finite, one is the universe and the second is the human stupidity.

  5. #15
    Junior Member
    Join Date
    May 2003
    Posts
    12
    ok i dunno if this is crossing the line between spamming or personal protection. but what program can you use to scan your cookies to see what passwords of yours are stored in your cookies? i mean im the only one that uses my computer. but i wanna start to learn what gets stored where for security. thanks.

  6. #16
    Member
    Join Date
    Oct 2003
    Posts
    43
    heh.. i got the SAM file for my school...
    ammon

  7. #17
    Yes, that's my CC number! 576869746568617's Avatar
    Join Date
    Dec 2003
    Location
    Earth
    Posts
    397
    Just think of the SAM as the /etc/passwd file of the Windows world. I got about a $1.25 worth, so here goes:

    1.) The SAM not only contains hashes for user accounts, but also for user groups and on domain controllers it contains the hashes for computer accounts.

    2.) The Win2K post SP2 and XP SAM itself is pretty secure (128-bit). There are only 4 ways that I know of to get the SAM. Three of these four require either physical access or administrative privelage. The last is to sniff the password hashes from the network durring the authentication phase of domain logon.

    3.) Sniffing hashes only works if the domain security policy allows LanMan or old-style 40-bit (pre-Win2K SP2) challenge, and if the firewall is configured sloppy. If the newer kerberos encryption is used, It's not impossible to crack, but a lot harder to do. Blocking TCP/UDP 135-139 and 445 will stop it.

    4.) If it's an NT 4 or Win2K pre SP2 box, Why bother cracking the SAM for user accounts and passwords when the Local Security Authority is so much easier to crack, as it stores service account names and passwords in plain text, caches the password hashes of the last ten users to log onto the machine, caches FTP and Website passwords in plain text, and computer account passwords for domain access.

    Better yet, if you can get to the SAM (because the firewall isn't blocking the NetBIOS ports and user permissions allow "Everyone" full control of systemroot), just delete it. If syskey isn't installed, deleting the SAM will blank out the Admin password, and this works on Win2K and XP! Not only will it blank the password, if the account was renamed, it reverts back to the default Administrator.

    Even worse, if the machine in question were using EFS, they're really screwed, as all the files will be decrypted automatically when Administrator is logged on, as the Administrator is the default key recovery agent for EFS.

    EDIT: I took part out cause I didn't want the script kiddies to see it. It was pretty step-by-step. Sometimes I go off on a tangent.......

    The key to any of these attacks is a network that is improperly secured and an administrator that doesn't do their job. If the OS is patched properly, vulnerable ports are blocked at the border routers and firewalls, strict security and group policies are implemented, and the administrator is dilligent, these attacks can be prevented.

    And now I'm broke! Can anyone spare some change.....I need a soda!

  8. #18
    Antionline Herpetologist
    Join Date
    Aug 2001
    Posts
    1,165
    Some miscellaneous information that people missed. Remember that L0phtCrack costs about $350 though, not the ideal program for home users. The hashes are (AFAIK) made using md5, so if you can find out a very few specifications, you could easily write a program to brute force the SAM once you have it.
    Cheers,
    cgkanchi
    Buy the Snakes of India book, support research and education (sorry the website has been discontinued)
    My blog: http://biology000.blogspot.com

  9. #19
    Junior Member
    Join Date
    May 2003
    Posts
    12
    How hard would it be to program your own brute program? Because im learning c++ in school right now and im done like the first year or semester the "11" course and going on to the second half of it next week. so how proficient do you need to be with c++ to write one? maybe i should post this in the programming section?

  10. #20
    Senior Member
    Join Date
    Nov 2002
    Posts
    186
    To brute force the password you would want to find out what algorithm hashed (encrypts) the password and then write a program that hashes a dictionary of possible passwords and compares them to the one stored in the SAM. If the "guess" matches the one in the SAM, you will have figuered out the password. The only thing is that you would have to program a very complex mathematical algorithm, but it could be done.
    Hopefully, this makes sense and is correct. I am not sure this is the easiest way to do it, but it's how I would try it. If I'm wrong, please correct me.
    Good luck!
    \"When you say best friends, it means friends forever\" Brand New
    \"Best friends means I pulled the trigger
    Best friends means you get what you deserve\" Taking Back Sunday
    Visit alastairgrant.ca

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

 Security News

     Patches

       Security Trends

         How-To

           Buying Guides