Hi All,
I'm running W2K pro with normal user privileges. If I make a copy of the SAM file and run a password cracking utility will it give me my password in clear text?
Any help would be greatly appreciated.
One would think that the password cracking tool would give you the final password in clear text. It would sort of defeat the purpose for an admin to test password strength if he/she is unaware of what password the user is using.
And I will assume that this is *your* box and no one elses as I do not advocate or encourage people to break the law.
Errr.. yes and no. There is a location on Windows where the SAM is copied for recovery disk purposes (depending on how you've locked down your system either just admin or everyone has access to this location).
Alternatively, you can boot with DOS and NTFSDOS and copy it. And there are a few quick and dirty ways to reset the password in worst case scenarios.(google is great for finding this)
Hang on a minute... if you're running w2k pro with user privileges, it won't *let* you make a copy of the sam file, or otherwise access the SAM data.
Quote:
Originally posted here by cBYTE
I'm running W2K pro with normal user privileges. If I make a copy of the SAM file...
So just stop right there.
Normal users *cannot* get the SAM file (unless they use some privilege escalation sploit first, boot from floppy and copy it, etc)
Slarty
MsMittens,
It absolutely is my box. I do not like to break into other peoples machines as I've no business.
Slarty,
I was wondering if a normal user can copy the SAM file, and thank you for letting me know that a normal user can NOT. I do have Administrator rights on the box, which means I can copy the SAM file, booting into DOS < command-prompt only >.
Also, I've read that the login credentials in the SAM file, where the passwords are kept, are encrypted and have another layer of encryption, i.e. SYSKEY, which is enabled by default in W2K Pro. So as per MsMittens, running a password utility will not give me my passwords in clear text. Is that correct? So why the hell are there so many password cracking utilities?
If you use a utility inside Windows to dump the SAM, like any of the samdump thingies, like pwdump2, it will spit out a passwd-style file which can then be cracked. This will work syskey or not.
Of course you need to get in as admin or localsystem for that, so theoretically you could run an offline registry editor, change the logon screensaver to cmd.exe and dump the SAM from there.
I have tried this on a system in "lab" conditions (my own box, with another OS on too) but it's not something you'll want to do to your system if you don't have a recent backup :) There is the obvious danger of breaking something rather important in the registry.
If you don't care about destroying the old admin password, you could always just reset the admin password and get in that way. That's the normal way of getting into forgotten password systems.
In my test system I was able to quickly retrieve the plaintext passwords after grabbing the sam with pwdump2. However my test system had very easily guessable passwords (it's behind a firewall anyway).
I have no idea how quickly it works if you have stronger passwords.
Slarty
PS: This message is not supposed to be a skript kiddies guide to cracking win2k boxes so I have been deliberately vague above.
The file may be encrypted but tools like LC4 will break that and show you the final result unencrypted.
Well, depending on how you locked down your box, normal users often have read-only access to the %SYSTEM%\repair directory. Inside is an un-syskeyed backup copy of your SAM with the hash of the administrator password you set during installation.
I don't like to get into cracking passwords, but I know the NT Password and Registry Editor Boot Disk is a great utility to change the password if you forgot it. It works great on NT & 2K and very easy to use.
Google Search: NT Password and Registry Editor Boot Disk
winternals administration pack..
emergency repair disk creation wizard.. makes an iso that lets you boot off the cd, and have access to the hdd and such.. also has a utility called "locksmith".. that will let you change the password of any account on the system.
Yeah, locksmith is sweet. In fact I firmly believe that winternals adminpack is one of the most essential admin tools for windows ever made.
NOTE: If you have any data encrypted with EFS, you will LOSE IT ALL if you reset your password this way.
Out of all the disaster recovery software I tested, Winternals Admin Pak was, hands down, the best. When you can not only repair machines locally (including resetting the Admin password), but also PXE boot them and repair them from across the network, you have my vote.
cBYTE, you're gonna have a hard time getting your password off the machine. Your best bet is to use one of the online utilities (most you can download a trial version), and reset your password. Like Info Tech Geek mentioned, Google it.
If you're really intent on cracking the SAM, Lophtcrack (http://www.evadenet.com/downloads/lophtcrack.shtml) is one of the best utilities. Now, depending on your password length and complexity, Lophtcrack may run for a month or two, but eventually it'll get it.
Good Luck.
How can I get my MSN Messenger password if I saved it and it logs on automatically, but I've forgotten it for some reason? Actually, I've had some memory loss because I got a fever, hehe.
Yes, it's true.
I am running Windows XP.
Go to www.hotmail.com and try to log into your hotmail account. When the password is wrong, it will present you with a link to click if you forgot your password. Your password will then be emailed to you. I think hotmail uses a secret question method as well.
BTW, this thread is over 2 months old. It's considered rude here to reply to a thread when the dates are flashing.