Where Is The User And Password Store In Win 2000

Help - Search - Member List - Calendar

Full Version: Where Is The User And Password Store In Win 2000

GovernmentSecurity.org > System Security > Beginners Section

Anddos

Nov 10 2003, 06:12 AM

just wondering where the user name and pass so i can login with remote desktop

atomix

Nov 10 2003, 11:19 AM

SAM <-

Hardcore

Nov 29 2003, 08:10 AM

The encrypted hashes are stored in the SAM files....but you can't access them while the OS is in use. Try an alternate directory, like a recovery directory (I forgot where), that may store a copy of the SAM for you to DL.

You can then use L0pht Crack, or known as LC4 to crack the hash.

You can also use www.sysinternals.com tool NTFSDOS, to boot the machine to DOS, then DL the SAM onto the NTFS floppy. Import to your LC4 machine and crack accordingly.

-Hardcore

nexXx

Feb 24 2004, 12:57 PM

you can often find the stored sam
in "WINDOWS\repair\" or "WINDOWS\_repair\" directory

Krolden

Feb 24 2004, 09:34 PM

If I'm not mistaken the file in the repair folder are user and passwd at fresh install. When they (i.e. username and passwd) are changed, the content of the file will be useless, obviously.

metrox

Mar 4 2004, 09:03 PM

registry and sam

996633

Mar 5 2004, 02:12 PM

You can bott with a bootdisk like CIA Commander and then copy the SAM and SYSTEM file to the floppydisk. The SAM is in C:\Winnt\system32\config\
Then you can crack it with SamInside if it's SYSKEY encrypted, if not, you can also use LC4 but I'd SamInside.

manu

Mar 6 2004, 06:05 AM

Hey,

Heres the tool SAMINSIDE

Download it

Manu

ArchAngel

Mar 6 2004, 07:27 AM

^SAM^

LM hashes

nemesis

Apr 15 2004, 03:25 PM

hi, could somebody tell me where i can find it in the registry ? i found the other two, but not in the registry..

the only thing i found is in hkey_local_machine/system/services/samss/security
and i don't think it's that..

thyr0x1ne

Apr 15 2004, 03:45 PM

why not use pwdump2 once you are on the machine ... you dont need a reboot or a boot disk to get SAM file and NT accounts

Edit : sorry forgot the link

hxxp://razor.bindview.com/tools/desc/pwdump2_readme.html

peter grank

Apr 24 2004, 07:20 PM

The Usernames and Passwords are stored under c:\winnt\system32\config

Here is a very good yet simple to use program. Its DOS based, but there are no complicated functions.Passwords are retrieved in a short amount of time... even complex passwords.

So enjoy.

Here is a download link.....

http://www.freewebs.com/win2khacking/johntheripper.zip

Its called John the Ripper...

nemesis

Apr 25 2004, 09:53 PM

hehe , the well known john

i have it on my knoppix std.. but haven't finished the manual yet, cauz there are (too) many options , and in command line, it's not the same

i tried to crack my win password with LoPHT, but after several days, he still didn't found anything, except a disabled user account... is it due to a bad wordlist or a thing like that? there are special characters in the password.

i'll give johhny a try

MadMaddy

Apr 26 2004, 03:53 AM

QUOTE (nemesis @ Apr 25 2004, 05:53 PM)

hehe , the well known john

i have it on my knoppix std.. but haven't finished the manual yet, cauz there are (too) many options , and in command line, it's not the same

it has nothing to do w/ the word list and all to do w/ the special characters.

You can take a look at some other options at this http://www.governmentsecurity.org/forum/in...wtopic=7911&hl=. That should get you pointed in the right direction.

This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.