How to crack an NT4 SAM database?

I remember there was a tool out that allowed one to decrypt the passwords in a Windows NT 4 Server's database. Can anyone advise me on this or what tool I can use?

:confused:

Provided what your doing is legal, morally sound or for educational purposes (prefeably all three) you can get lopht crack. Correct me if I'm wrong but I think you can downlaod older versions of this tool for free from many sites (maybe even this one) If I find it I'll let you know.

It won't decrypt the passwords just like that, it uses password lists and if those fail it trys every possible combination of characters. depending on the system running it, it may take some time. I'm sure there's others as well.

Originally, it was l0pht crack that was used to crack the SAM files but then MS re-enforced a stronger encryption method, so i doubt you can do thesame attack unless the computer is unpatched.

yeah, I think SP3 is the barrier for the simple attacks, sorry.

As long as this is on your own system (Ahhem), PWDump 3 will dump the hash from the registry (with Admin rights of course), and L0phT Crack (LC4) will do it. A dictionary based attack will most likely Not work, but I brute forced my own in just under 3 days......A very nice tool...now, it would take 63 years (and some odd days), to crack my password....Happy (legal) Cracking.......

hmmm.
I got hold of the Cracklig dictionary and ran it against my password, took 30 minuts just to get to EOF, and then moved to Brute Force......I gave up when it said it would take 168 weeks...
Oh well...LC4 is a great tool for auditing your system to make sure every user has secure passwords, and you don't need PWDump, LC3 and 4 can dump in on the local machine, or retrive it from remote machines provided Syskey is running. How ever, with the new improvments from M$ you can only get the SAM through the GUI if you have Admin rights, so if your out to crack the Admin password at your school then your fresh outa luck :P

- Noia