Printable View
I am using Windows XP, trying to use Auditor to get sam and system file like this thread directs
http://www.antionline.com/showthread...hreadid=267039
When I use this command:
bkhive-linux /mnt/hda2/WINDOWS/system32/config/system saved-syskey.txt
i get the error:
Bkhive [email protected]
Error accessing key JD
Wrong/Corrupt hive??
What could be the problem?
you arent trying to get the correct file. Saved syskey.txt is not the sam file I dont think, but I could be completly wrong.
thats what it says to do in the tutorial
And have you checked your path? Is it in a directory called WINDOWS or is it WINNT or something else?
the paths are just fine, it is WINDOWS/system32/config/sam and WINDOWS/system32/config/system
And is the hard drive mounted? Is the right drive (hda? hde? I thought you had a RAID setup)
i am on a different computer, that was my home computer, im back at college. (that computer just was so confusing). Yeah the hardrive is mounted as hda2 and i explored it to make sure it was the right drive, WINDOWS/system32/config/sam and system are both there.
Which drive/partition is Windows on? Are you sure it's hda2? By the way, there is a video version at:
http://www.irongeek.com/i.php?page=v...amdump2auditor
Could you hive us an ls of /mnd/hda2?
What kind of college computer is it? A lab one you built or one the school built? Any chance they've got something like Deepfreeze on it?
You can also try the SAM and SYSKEY in C:\WINDOWS\repair\ and see if you get the error.