Thread: Passwords Of Win XP

  1. #1
    Junior Member rock_bill's Avatar
    Join Date
    Jul 2006
    Posts
    20

    Passwords Of Win XP

    Where are the passwords of Windows XP stored???

    How are they read by the system during login??

  2. #2
    Senior Member
    Join Date
    Aug 2006
    Location
    India
    Posts
    289
    Dear rock_bill, I must say that a bit of time and some GOOGLING on the topic would have told you more than any single person will tell...just because IT TAKES TIME TO TYPE the words...and this topic asks for a lot of detailed understanding about the file system protocols and the working of the NTFS system as well. However a basic understanding of computers will be enough to start with. Here I go:

    Passwords are stored in a file called SAM (Security Accounts Manager), which resides in the %systemroot%\system32\config directory, but it contains them in encrypted form. This file has no extension!! Since the SP4 update of Windows 2000, all versions of Windows XP apply the additional syskey protection to the SAM file, which translates into 128-bit encryption which is pretty hard to break. The only way that remains is the BRUTE force attack, which is also a SURE SHOT attack.

    In most cases you will not be able to easily break the password of Windows XP. There are some reasons for this:

    The SAM file is LOCKED by the NTFS security policy at kernel mode. So even the Administrator is not allowed to modify or play around with the SAM file. The SAM file (and the other files of this system32\config folder) are the ones which make up the registry. The SAM file follows this trend and gets loaded into the registry at HKEY_LOCAL_MACHINE\SAM. Just try to create a new key or other value...it will fail...even if you are logged in as an Administrator....because this file is locked by the NTFS security policy. It is this policy which is used when protecting your MY DOCUMENTS folder from other users.

    Now while Windows is running, this file cannot be copied/deleted/modified. So the only way that remains is: get the file while the NTFS security is not active. This can happen in two ways: download the ntfsdos utility, create an MS start-up disk and add the file inside the zip archive to the floppy. Then issue the copy command to copy the SAM file to another device. Another solution is to boot using a Live CD distro and copy the file to another media like a USB device.

    After extracting this file, you need to get the passwords inside it. For this purpose password cracking tools like l0phtcrack or Proactive System Password Recovery can be used! HOWEVER there is an online service which will allow you to get your passwords from the LM and NTLM hash generated by the l0phtcrack tool. Or the other way is a "brute force attack".

    Now how does the system read the password while you enter it in the login screen?? Very simple...you enter the password, it is encrypted and checked if it matches the one in the SAM file...if it does, you log in, or else you don't.

    "Everything should be made as simple as possible, but not simpler."

    - Albert Einstein

  3. #3
    Junior Member
    Join Date
    Sep 2005
    Posts
    17
    > Now while Windows is running, this file cannot be copied/deleted/modified. So the only way that remains is: get the file while the NTFS security is not active. This can happen in two ways: download the ntfsdos utility, create an MS start-up disk and add the file inside the zip archive to the floppy. Then issue the copy command to copy the SAM file to another device. Another solution is to boot using a Live CD distro and copy the file to another media like a USB device.

    Pretty odd, haven't you ever tried using tools like SAMInside and tcpdump? All your NTLM/LM hashes are a click away.

  4. #4
    Senior Member
    Join Date
    Aug 2006
    Location
    India
    Posts
    289
    Yes I have tried them but they failed BRO.....even when I was the admin!!! That's why I didn't even name them once!! They all either told me that I need admin privileges (while I was admin at the moment) or that some file necessary for running was missing. And I have probably used many more tools like this than you...now it might happen that something was wrong with my system rather than them....but at the end of the day, all I knew was: THE TOOLS WERE USELESS.

    However there was a program, SAMRape, which apparently did the job but did not output the hashes in the output file.

    "Everything should be made as simple as possible, but not simpler."

    - Albert Einstein

  5. #5
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,188
    Hmmmmm,

    And what if you set your password to 14 characters or less?

    Clue: Why wouldn't I allow Win 9x/ME on my network?

    Hint: password?

    or 12345passwordAbCdE

    That's 18 characters and very easy to remember...just an example of course.

  6. #6
    The ******* Shadow dalek's Avatar
    Join Date
    Sep 2005
    Posts
    1,564
    Hi

    Here is a useful link on Win XP Passwords

    Luck..

    PC Registered user # 2,336,789,457...

    "When the water reaches the upper level, follow the rats."
    Claude Swanson

  7. #7
    Junior Member
    Join Date
    Sep 2005
    Posts
    17
    > Yes I have tried them but they failed BRO.....even when I was the admin!!! That's why I didn't even name them once!! They all either told me that I need admin privileges ........... THE TOOLS WERE USELESS.

    Well, a program not working on your computer might be your mistake, or you may have set some extra file protection. SamInside works on almost all computers; of course there might be some that it doesn't. But usually everyone has Scheduler enabled, so you open SamInside and click on import from local machine using Scheduler. On most corporate systems you will see Scheduler enabled for some reason or other.

    If you can't get those programs working on a single machine, you can tell that they are bad. Or USELESS.

    > And I have probably used many more tools like this than you

    True. You must have.

    > And what if you set your password to 14 characters or less?

    Was this directed towards me?!

    Anyway, if you set a password something like this, "mynameiswebdevildidyouknowthat", all the difference it will make is you won't get an LM hash for it, because LM doesn't support the length, while NTLM supports it. So you would get a hash which is probably much harder to crack.
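    The length effect described in the post above, as an added illustration that is not part of the thread: the function below models only the LM preprocessing step (upper-casing, 14-byte NUL padding, split into two 7-byte halves) and skips the DES stage, which is enough to show why a password over 14 characters gets no LM hash and why one of 7 or fewer leaves the second half as pure padding. The latin-1 encoding stands in for the OEM code page and is an assumption.

    ```python
    # Added example: models the LM hash preprocessing to show why password length
    # matters. Not code from the thread or from any of the tools mentioned in it.

    LM_MAX_LEN = 14  # LM never hashes more than 14 characters
    HALF_LEN = 7     # ...and treats them as two independent 7-byte DES keys


    def lm_halves(password: str):
        """Return the two 7-byte blocks LM would hash, or None when no LM hash is stored.

        Windows XP stores no LM hash for a password longer than 14 characters, so only
        the NTLM hash remains, which is the effect the post above describes.
        """
        if len(password) > LM_MAX_LEN:
            return None
        # LM upper-cases the password, encodes it in the OEM code page (assumed here to
        # be latin-1, which is exact for ASCII passwords) and NUL-pads it to 14 bytes.
        padded = password.upper().encode("latin-1", errors="replace")
        padded = padded.ljust(LM_MAX_LEN, b"\x00")
        return padded[:HALF_LEN], padded[HALF_LEN:]


    def lm_weaknesses(password: str) -> list:
        """Describe what the LM preprocessing gives away about this password."""
        halves = lm_halves(password)
        if halves is None:
            return []  # no LM hash stored, nothing LM-specific to report
        findings = ["LM hash is stored: each 7-byte half can be attacked on its own"]
        if halves[1] == b"\x00" * HALF_LEN:
            findings.append("second half is all padding: only 7 characters carry secret material")
        if password != password.upper():
            findings.append("lower-case letters are up-cased: mixed case adds nothing against LM")
        return findings


    if __name__ == "__main__":
        # Constructed sample passwords, including nihil's 18-character example above.
        for pw in ("abc", "password", "12345passwordAbCdE"):
            print(repr(pw), lm_halves(pw), lm_weaknesses(pw))
    ```
    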

  8. #8
    Senior Member
    Join Date
    Aug 2006
    Location
    India
    Posts
    289
    Thanks dalek....but I think most of those tips are average and can be found out by anyone who knows what a command prompt is (and knows the commands), how to handle the control panel, group policy and the registry. Anyway it was good.

    I'll add another small tip:

    Lock an admin account so that no one is able to use the computer with admin power... even admins can't. I assume the administrator account is the ONLY admin account on the system. Just issue this command at the command prompt in admin mode:

    net user administrator password *

    I accidentally blocked one of the admin accounts by mistake using this...it came up in the help of the net command...which I was trying to learn by the /? switch at the prompt itself. After issuing this command, the account is completely locked. The system will ask for a password but will not log you in. l0phtcrack and other password breaking utilities will show the password to be [empty]. I have seen this. Thankfully I had another admin account on my machine (the real and the first account that gets created during installation), so I was able to reset the password of the locked account in safe mode.

    If someone has a cure to this LOCK, please post here. I would certainly like to know, after all, what happens in that command.

    @webDEViL: I think you are right...it must be working on other computers. I too wanted to get my hands dirty, for which I got those tools downloaded...but what do I do if they didn't work on my machine??? It's not my mistake...and I have no extra configuration...I found that the MD5 checksum was also right!! So it might be some misconfiguration in the registry I always fiddle around with, or some extra protection might be enabled by some patch or update....I am not sure about that.

    Of course if you don't get results....or at least you can't see them working, anyone will think they are useless...but then you know...I am not allowed to use my friends' machines with any admin privilege and this program needs you to be in admin mode (I think you knew that) and hey! why would someone in most cases like to break the password instead of just creating another admin account or using the current one?? My friends don't allow me to use their PCs in admin mode just because they think that this guy will surely create a loophole in their system to get access afterwards. They just don't know I am not the most knowledgeable person on earth...just that I know a bit more than them!

    And I think that the first point in the FIGHT back section of this site is also useful...or isn't it? Just for reference... it says: Start your password for NT systems with a special character like *#^/ etc. This will make the LM hash complex and it will take more time to crack by brute force attacks.

    Thanks.
    "Everything should be made as simple as possible, but not simpler."

    - Albert Einstein

  9. #9
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,188
    > Was this directed towards me?!

    No, it was a general comment to point out the effects of password length.

    A lot of free tools I have seen won't work with long passwords by design... the author knows how long they would take to crack, and assumes that no one would want to spend that amount of time.

    You frequently don't get a message to this effect, it just doesn't work!

  10. #10
    Senior Member
    Join Date
    Jan 2002
    Posts
    682
    > If someone has a cure to this LOCK, please post here. I would certainly like to know, after all, what happens in that command.

    The cure to that is a piece of cake if you have local access...
    http://home.eunet.no/pnordahl/ntpasswd/

    It doesn't matter how complex your pwd is when you (or someone else) has local access.

    "I used to be with IT. But then they changed what IT was. Now what I'm with isn't IT, and what's IT seems scary and weird." - Abe Simpson
