Cracking SAM File

There is a wealth of programs available that will crack the SAM
file for you. You can also attempt to crack it by hand. I, having
neither the time nor the skill required to do this, used a program.
Some programs I recommend are SAMInside, which unfortunately costs
money; Proactive Windows Security Explorer, which can actually
import the SAM file from memory, so you will not need to obtain it
yourself if you are doing this on your home computer; and, of
course, Cain & Abel will do the trick as well. Most of these programs
test about 4 to 5 million passwords per second, at least on my
machine, so if the password is below 7 characters, they should be
able to crack it in one day. However, if the password is 7 or
more characters in length, then it will take a substantial
amount of time. When I did this, my password was 7 characters
in length and it took my computer just over 3 days to crack it.

Dark Deal :: Windows Password Hacking

Posted: Monday January 28, 2007 7:20 pm

The ultimate guide to recovering lost Windows passwords.
Users most commonly protect data on their systems with a
standard Windows password.
This is a good first step that keeps out the average user,
but it can be circumvented in just a few minutes. Find out
what I'm talking about on "The Screen Savers" when I give
you the ultimate guide to recovering lost Windows passwords.

Where oh where is my password?

Windows 2000 and XP passwords are stored in a file called
SAM (Security Accounts Manager). It's located in the
windows\system32\config directory. Passwords are encrypted
and stored within SAM as a password hash. A stored hash looks
something like this: 8F J7 F3 GK S3 lL O4 E1 G9. To figure
out your lost password, you have to extract the encrypted
hash from SAM and crack it.

To crack or not to crack?

Before you proceed, you must make a decision. Do you want to recover
the old Windows password, or do you want to reset the password? If
you want to reset the password, use a nice little utility called ntpasswd.
Ntpasswd uses password hash insertion -- it inserts a new password hash
that you've created into the SAM. This works great, but remember,
if you have encrypted anything using the Windows Encrypting File System (EFS),
you will need the original user password. That means you have to crack the password.

Cracking Windows passwords

To crack a Windows password you need to extract it from SAM.
1. Boot with Knoppix STD and launch a shell.
2. From the shell, you can view all your NTFS partitions via the LinuxNTFS support built into Knoppix STD.
3. Navigate to the windows\system32\config directory.
4. Copy the SAM and system files to a cheap USB thumbdrive.
5. Take each of these files back to another Windows machine
and fire up SAMInside. SAMInside uses the SAM and system files to
extract the encrypted hash. (The SAM file is double encrypted
with SYSKEY; SAMInside gets around that.)
6. Launch LC4. It will brute-force and dictionary-attack the hashes.
Once the hash has been matched, the final password is displayed.
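
The crack times quoted in the first section and the brute-force step in step 6 both come down to keyspace size divided by guess rate. The following is an added example, not code from the original page: it shows how exhaustive-search time grows with password length and what minimum length a password policy needs to outlast a given search time. The rate is the midpoint of the 4 to 5 million guesses per second quoted above, taken as an assumption; the character-set sizes and function names are constructed for illustration.

```python
# Guess rate quoted on the page ("about 4 to 5 million passwords per second");
# the midpoint is used here as an assumption.
GUESSES_PER_SECOND = 4_500_000

# Constructed character-set sizes (assumptions, not from the page).
CHARSETS = {
    "digits": 10,
    "lowercase": 26,
    "mixed-case+digits": 62,
    "printable ASCII": 95,
}

def keyspace(charset_size, max_length):
    """Candidates of length 1..max_length (the true length is unknown to a searcher)."""
    return sum(charset_size ** n for n in range(1, max_length + 1))

def worst_case_seconds(charset_size, max_length, rate=GUESSES_PER_SECOND):
    """Time to exhaust every candidate up to max_length at the given rate."""
    return keyspace(charset_size, max_length) / rate

def min_length_to_resist(charset_size, days, rate=GUESSES_PER_SECOND):
    """Shortest length whose exhaustive search takes longer than `days`."""
    budget = days * 86_400 * rate  # guesses that fit in the time window
    length = 1
    while keyspace(charset_size, length) <= budget:
        length += 1
    return length

def human(seconds):
    """Render a duration in the largest unit that fits."""
    units = (("years", 31_557_600), ("days", 86_400), ("hours", 3_600), ("minutes", 60))
    for unit, size in units:
        if seconds >= size:
            return f"{seconds / size:.1f} {unit}"
    return f"{seconds:.1f} seconds"

def report(lengths=(6, 7, 8, 10)):
    """Worst-case search time per character set and maximum length."""
    return {name: [human(worst_case_seconds(size, n)) for n in lengths]
            for name, size in CHARSETS.items()}

if __name__ == "__main__":
    for name, times in report().items():
        print(f"{name:<18}", *[f"{t:>16}" for t in times])
    print("min length (mixed-case+digits) to outlast 1 year:",
          min_length_to_resist(62, 365))
```

At a fixed guess rate, each extra character multiplies the exhaustive-search time by the character-set size, so minimum length in a password policy matters more than which cracking tool is used.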