SAM and SYSKEY on Vista
Page 1 of 2 12 LastLast
Results 1 to 10 of 15

Thread: SAM and SYSKEY on Vista

  1. #1
    King Tutorial-ankhamun
    Join Date
    Jul 2004
    Posts
    897

    SAM and SYSKEY on Vista

    Hi all. A lot of the old tools no longer seem to work. If I copy the SAM and SYSTEM hivesoff of a Vista box none of the tools that should allow dumping of the hashes work. SamInside does not complain, but the hashes it gives I know are wrong. Cain says "Couldn't find LSA subkey int he hive file" when I try to extract the Syskey from the SYSTEM hive. Both the Windows and Linux version of Ophtcrack give me a message: "Error: no valid hash was found in this file". Anyone else play with this yet? I can email a Vista SAM and Syskey file if you want to test it yourself.

    By the way, Sala's PassWordRenew tool sill works for creating new admin accounts.

  2. #2
    AO Veteran NeuTron's Avatar
    Join Date
    Apr 2003
    Posts
    550
    Thats good news. I would hope that Microsoft has made it more difficult to get the PW Hashes. Did PWDump have any luck with it?

  3. #3
    King Tutorial-ankhamun
    Join Date
    Jul 2004
    Posts
    897
    Nope, I've not tried PWDump, but the lsass attack Cain does does not work anymore.

  4. #4
    Dissident 4dm1n brokencrow's Avatar
    Join Date
    Feb 2004
    Location
    Shawnee country
    Posts
    1,243
    How about ERD Commander? Their password feature still work?
    “Everybody is ignorant, only on different subjects.” — Will Rogers

  5. #5
    King Tutorial-ankhamun
    Join Date
    Jul 2004
    Posts
    897
    I don't have a copy of ERD so I can't test it.

  6. #6
    Senior Member Cemetric's Avatar
    Join Date
    Oct 2002
    Posts
    491
    I've tested ERD 2005, it let's you change the password and displays it as a success ...But once you try to login with the changed password, it doesn't work ... Since I did it because I forgot my old password I can't say if the old password still works ... :P.

    .C.
    Back when I was a boy, we carved our own IC's out of wood.

  7. #7
    Junior Member
    Join Date
    Sep 2004
    Posts
    9
    What im more concerned about is the WinFS (even if its not shipping with Vista). Im told only their high end products will allow Disk encryption. Logically the Decryption Key, or hash, will have to be stored outside of the encrypted space. Does anyone know if this current version allows for Disk encryption, and better yet, has any one found a way to break it? Other wise, Law enforcment is going to have a hard time soon.

  8. #8
    Junior Member
    Join Date
    Sep 2004
    Posts
    9
    And by "this version" i mean the public Beta

  9. #9
    King Tutorial-ankhamun
    Join Date
    Jul 2004
    Posts
    897
    The "Whole Disk Encryption" is already there in the beta, it's called BitLocker. Bit of a pain to get to work if you have already installed the OS, but it's there to be played with.

  10. #10
    Senior Member Spyrus's Avatar
    Join Date
    Oct 2002
    Posts
    741
    Since I dont know a whole lot about the BiLocker technology and what I have just read didnt fully answer my questions.

    Lets say you have it running and your OS takes a crap... Can you read the Hard drive slaved on another PC? Or does it synch with the S/N on your BIOS? Is it similar to what XBOX does with their hard drives by just putting a lock on it?

    I understand it has more functionality than that and more options but I am curious how this will affect users who don't know enough to keep a copy of the key or lose it.
    Duct tape.....A whole lot of Duct Tape
    Spyware/Adaware problem click
    here

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •