June 14th, 2006, 10:36 PM
SAM and SYSKEY on Vista
Hi all. A lot of the old tools no longer seem to work. If I copy the SAM and SYSTEM hivesoff of a Vista box none of the tools that should allow dumping of the hashes work. SamInside does not complain, but the hashes it gives I know are wrong. Cain says "Couldn't find LSA subkey int he hive file" when I try to extract the Syskey from the SYSTEM hive. Both the Windows and Linux version of Ophtcrack give me a message: "Error: no valid hash was found in this file". Anyone else play with this yet? I can email a Vista SAM and Syskey file if you want to test it yourself.
By the way, Sala's PassWordRenew tool sill works for creating new admin accounts.
June 15th, 2006, 12:19 AM
Thats good news. I would hope that Microsoft has made it more difficult to get the PW Hashes. Did PWDump have any luck with it?
June 15th, 2006, 02:25 AM
Nope, I've not tried PWDump, but the lsass attack Cain does does not work anymore.
June 15th, 2006, 03:52 PM
How about ERD Commander? Their password feature still work?
“Everybody is ignorant, only on different subjects.” — Will Rogers
June 15th, 2006, 03:57 PM
I don't have a copy of ERD so I can't test it.
June 15th, 2006, 05:08 PM
I've tested ERD 2005, it let's you change the password and displays it as a success ...But once you try to login with the changed password, it doesn't work ... Since I did it because I forgot my old password I can't say if the old password still works ... :P.
Back when I was a boy, we carved our own IC's out of wood.
June 16th, 2006, 02:10 PM
What im more concerned about is the WinFS (even if its not shipping with Vista). Im told only their high end products will allow Disk encryption. Logically the Decryption Key, or hash, will have to be stored outside of the encrypted space. Does anyone know if this current version allows for Disk encryption, and better yet, has any one found a way to break it? Other wise, Law enforcment is going to have a hard time soon.
June 16th, 2006, 02:11 PM
And by "this version" i mean the public Beta
June 16th, 2006, 02:17 PM
The "Whole Disk Encryption" is already there in the beta, it's called BitLocker. Bit of a pain to get to work if you have already installed the OS, but it's there to be played with.
June 16th, 2006, 02:52 PM
Since I dont know a whole lot about the BiLocker technology and what I have just read didnt fully answer my questions.
Lets say you have it running and your OS takes a crap... Can you read the Hard drive slaved on another PC? Or does it synch with the S/N on your BIOS? Is it similar to what XBOX does with their hard drives by just putting a lock on it?
I understand it has more functionality than that and more options but I am curious how this will affect users who don't know enough to keep a copy of the key or lose it.
Duct tape.....A whole lot of Duct Tape
Spyware/Adaware problem click