Sam File Under Win2k

GovernmentSecurity.org > The Archives > General Network Security

agentsim

Oct 8 2003, 05:56 AM

Hi all,

I am completely new to the world of network/computer security... so go easy on me

I am trying to figure out if it is possible for me to remotely retrieve the SAM file or registry password hashes on a windows 2k/XP machine without administrator priviledge.
I have heard of the tools pwdump 1/2/3 but they seem to require admin priviledge and then perform a remote registry query, is this correct?

I have also heard that network sniffing can often reveal password hashes in transit, as it were, across the network. Is there is newbie friendly guide to packet sniffing, tools, protocols etc...

I am not new to computers in general, I know programming languages, use Linux quite happily etc... so I am not afraid to compile code for myself....

Cheers,

-agentsim

donfrabrizio

Oct 9 2003, 11:59 AM

I'm not as fortuned as you.I don't know a lot of languages and remote access, I just hope it's of any help , but this is how I do it.

I go into dos on the targets system , if it's win 2000 or xp I use ntfsdos to get past the ntfs partitions which cant be seen under dos .Than I copy the hash by hand (it's the most secure one)

just search into the directory c:\windows\system\config\ and there you will find the files sam and system.key

copie these on a disk.

Once your home you can put it on your HD and run the program saminside over it.It's a decryption program .It will take a while , but it's the only way I know how to get the access without changing the password and without administrator privelliges.

mekros

Oct 10 2003, 12:55 AM

about packet sniffing... here...
tools?... uhhh... lemme post bout it later...
protocols?... rfc's are great man...

i think l0phtcrack can import the SAM data remotely... but like the others.... you need admin access... i advice that you first find a way to gain access... then escalate your privilege...

This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.


Help - Search - Member List - Calendar Full Version: Sam File Under Win2k GovernmentSecurity.org > The Archives > General Network Security agentsim Oct 8 2003, 05:56 AM Hi all, I am completely new to the world of network/computer security... so go easy on me I am trying to figure out if it is possible for me to remotely retrieve the SAM file or registry password hashes on a windows 2k/XP machine without administrator priviledge. I have heard of the tools pwdump 1/2/3 but they seem to require admin priviledge and then perform a remote registry query, is this correct? I have also heard that network sniffing can often reveal password hashes in transit, as it were, across the network. Is there is newbie friendly guide to packet sniffing, tools, protocols etc... I am not new to computers in general, I know programming languages, use Linux quite happily etc... so I am not afraid to compile code for myself.... Cheers, -agentsim donfrabrizio Oct 9 2003, 11:59 AM I'm not as fortuned as you.I don't know a lot of languages and remote access, I just hope it's of any help , but this is how I do it. I go into dos on the targets system , if it's win 2000 or xp I use ntfsdos to get past the ntfs partitions which cant be seen under dos .Than I copy the hash by hand (it's the most secure one) just search into the directory c:\windows\system\config\ and there you will find the files sam and system.key copie these on a disk. Once your home you can put it on your HD and run the program saminside over it.It's a decryption program .It will take a while , but it's the only way I know how to get the access without changing the password and without administrator privelliges. mekros Oct 10 2003, 12:55 AM about packet sniffing... here... tools?... uhhh... lemme post bout it later... protocols?... rfc's are great man... i think l0phtcrack can import the SAM data remotely... but like the others.... you need admin access... i advice that you first find a way to gain access... then escalate your privilege... This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.