OK today I was able to copy the SAM with UltraISO. Upon copying I tried it from my local machine with no errors. I copied the SAM from a remote machine with no errors. If you extract the ISO image, the SAM is the same file size etc. Maybe someone could test this out to make sure.
::: EDIT ::: Just did it with WINIMAGE. Same result as above. File sizes are the same etc.
Rich
oblivion2004
Apr 8 2004, 01:08 PM
QUOTE (kingvandal @ Apr 7 2004, 05:26 PM)
OK today I was able to copy the SAM with UltraISO. Upon copying I tried it from my local machine with no errors. I copied the SAM from a remote machine with no errors. If you extract the ISO image, the SAM is the same file size etc. Maybe someone could test this out to make sure.
::: EDIT ::: Just did it with WINIMAGE. Same result as above. File sizes are the same etc.
Rich
with or without admin rights????
kingvandal
Apr 8 2004, 03:21 PM
Well, I have admin rights. But that makes no difference. You could do it with only user rights. If I may ask, why is admin rights a question?
Rich
Killaloop
Apr 9 2004, 08:39 AM
QUOTE (kingvandal @ Apr 7 2004, 05:26 PM)
OK today I was able to copy the SAM with UltraISO. Upon copying I tried it from my local machine with no errors. I copied the SAM from a remote machine with no errors. If you extract the ISO image, the SAM is the same file size etc. Maybe someone could test this out to make sure.
::: EDIT ::: Just did it with WINIMAGE. Same result as above. File sizes are the same etc.
Rich
This is the way an ISO image is built. When building an ISO image, first the structure is built, meaning how many files are inside, the folder structure, the !filesize! and all other attributes. For this reason, even when you get an error while building the image (as you got while adding the SAM file), the files will be present with their original file size inside that image, but actually the data inside those files is completely missing or messed up. So the SAM file you got inside the ISO image will have the original file size and all its attributes, but not the data inside it. You can validate it by inserting one of your failed backups (where the burning process was interrupted after a few %) and opening it with IsoBuster, for example. You will see it will show all files with their original file size, but in fact the files aren't on the CD, only their attributes are. Keep that in mind when working with images: if you can see a file, it's not certain it's actually there! So your copied SAM file is most likely worth nothing, sorry.
To validate if data is present inside your SAM file, just open it with a hex editor. I'm almost 100% sure you will not see more than empty fields.
/edit What I'm talking about is the ISO 9660 format. It specifies the logical format for files and directories on a CD-ROM. It provides a cross-platform format for storing filenames and directories which restricts the characters used to ensure all CD-ROM drives of all ages can read a data disc. This information is first written into an IMAGE so every ISO 9660 compatible drive can read the image. This information contains the file and folder structure (also the file size). So after the SAM file got analyzed and the proper ISO 9660 information got written into the image, it THEN tries to access the SAM file, and at this point your image creation will fail. It looks like the file is there but it is not. Hope you understood the little information about ISO file structures.
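The ISO 9660 point in the post above, that a file's name and size live in a directory record separate from the data extent, can be checked programmatically when verifying an image or backup. The following is an added example, not part of the original thread: it parses directory records from a small constructed in-memory image and flags entries whose declared extent holds only zero bytes. The file names, the simplified layout (no "." and ".." entries, directory in sector 0) and the helper names are assumptions for illustration.

```python
import struct

SECTOR = 2048  # ISO 9660 logical sector size

def build_record(name: bytes, lba: int, size: int) -> bytes:
    """Build one ISO 9660 directory record (ECMA-119 section 9.1) for the constructed sample."""
    both32 = lambda v: struct.pack("<I", v) + struct.pack(">I", v)  # both-endian field
    body = b"\x00" + both32(lba) + both32(size)   # ext. attr length, extent location, data length
    body += bytes(7) + bytes(3)                   # recording date; flags, unit size, interleave gap
    body += struct.pack("<H", 1) + struct.pack(">H", 1)  # volume sequence number
    body += bytes([len(name)]) + name             # identifier length + identifier
    if len(name) % 2 == 0:
        body += b"\x00"                           # padding keeps the record length even
    return bytes([len(body) + 1]) + body          # byte 0 is the total record length

def parse_records(directory: bytes):
    """Yield (name, extent_lba, declared_size) for each record in one directory sector."""
    pos = 0
    while pos < len(directory) and directory[pos] != 0:
        rec = directory[pos:pos + directory[pos]]
        lba = struct.unpack_from("<I", rec, 2)[0]    # little-endian half of extent location
        size = struct.unpack_from("<I", rec, 10)[0]  # little-endian half of data length
        name = rec[33:33 + rec[32]].decode("ascii")
        yield name, lba, size
        pos += len(rec)

def audit(image: bytes, dir_lba: int) -> dict:
    """Map name -> (declared_size, data_present); data_present is False for an all-zero or short extent."""
    directory = image[dir_lba * SECTOR:(dir_lba + 1) * SECTOR]
    report = {}
    for name, lba, size in parse_records(directory):
        extent = image[lba * SECTOR:lba * SECTOR + size]
        report[name] = (size, len(extent) == size and any(extent))
    return report

def sample_image() -> bytes:
    """Constructed image: sector 0 directory, sector 1 a written file, sectors 2-3 never written."""
    directory = build_record(b"README.TXT;1", 1, 11) + build_record(b"LOCKED.DAT;1", 2, 4096)
    return b"".join([directory.ljust(SECTOR, b"\x00"),
                     b"hello world".ljust(SECTOR, b"\x00"),
                     bytes(2 * SECTOR)])

if __name__ == "__main__":
    for name, (size, present) in audit(sample_image(), 0).items():
        print(f"{name:14} declared={size:5} data_present={present}")
```

The all-zero test is a heuristic: a legitimately zero-filled file is flagged as well, so compare against a hash of the source file when one is available.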
kingvandal
Apr 10 2004, 06:21 PM
You're right, the SAM had the right size and the file was there, but the values inside of it were empty. Thanks for the ISO image info. But as my signature says... I will find how to copy the SAM :-)
illwill
Apr 11 2004, 12:13 AM
BartPE allows you to use Nero, so if the computer had a burner on it you can burn the SAM and SYSTEM file onto a rewritable disk for cracking later... Why the SYSTEM file, you might ask? Because if the SAM is encrypted with syskey you'll need the SYSTEM file too.
blah
amitkr
Nov 8 2004, 01:23 PM
I have a dos bootable disk with ntfsdos in it....I can boot and copy the SAM and SYSTEM files without any problem....
I am trying to do something else...
Is there any known method to extract the hash from the SAM file from DOS...
There are tools like gethash and getsyskey (INSIDEPRO) which run from the console but they cannot be run from MS-DOS..
I want similar utilities capable of working in DOS....This way we can save the extracted hash on the same floppy instead of copying the system and sam files....
I know it is possible to copy the sam and system files on the same floppy by zipping them but i dun want to do that....
Anyone know such utility....
Thanx a lot
caleb
Nov 8 2004, 05:30 PM
QUOTE(amitkr @ Nov 8 2004, 01:23 PM)
I have a dos bootable disk with ntfsdos in it....I can boot and copy the SAM and SYSTEM files without any problem....
I am trying to do something else...
Is there any known method to extract the hash from the SAM file from DOS...
There are tools like gethash and getsyskey (INSIDEPRO) which run from the console but they cannot be run from MS-DOS..
I want similar utilities capable of working in DOS....This way we can save the extracted hash on the same floppy instead of copying the system and sam files....
I know it is possible to copy the sam and system files on the same floppy by zipping them but i dun want to do that....
Anyone know such utility....
Thanx a lot
I have been looking for something like this for quite a while without any luck. It might not be too hard to make one...
Does anyone know of a linux tool that does this? It would probably be possible to use that as a guide for creating a DOS version, or maybe just make a linux boot disk with ntfs support.
splX
Nov 9 2004, 04:45 AM
Hi guys
quite n' good in here, but dl-source isn't available yet. Could someone upload it again please?
greez from middle europe!
amitkr
Nov 10 2004, 04:50 PM
Looks like no complete DOS-based hash extractor exists to date...
Will love to c one....
Have not enough info otherwise I would have tried to code one myself
Informative thread
Thanx all
lynk
Nov 10 2004, 08:28 PM
It looks like you lot need some real advice: how to get the SAM file even when it's copy protected etc.
Right, so you're at the school or college network as a limited user...
Pull out your copy of "knoppix" (one of the better run-from-CD Linux distros) and insert.
Restart the computer. Find the SAM file, copy.
Now insert portable storage, preferably a USB memory card or floppy disc. Before you start this, have a WinZip or WinRAR file on the selected storage.
Paste the SAM file into the WinZip or WinRAR file.
Take out the CD, restart and go home.
Portable storage into own PC, run SAMInside and it's done.
that always works for me.
Signed by the legendary "LYNK"
amitkr
Nov 11 2004, 08:53 AM
QUOTE(lynk @ Nov 10 2004, 08:28 PM)
It looks like you lot need some real advice: how to get the SAM file even when it's copy protected etc.
Right, so you're at the school or college network as a limited user...
Pull out your copy of "knoppix" (one of the better run-from-CD Linux distros) and insert.
Restart the computer. Find the SAM file, copy.
Now insert portable storage, preferably a USB memory card or floppy disc. Before you start this, have a WinZip or WinRAR file on the selected storage.
Paste the SAM file into the WinZip or WinRAR file.
Take out the CD, restart and go home.
Portable storage into own PC, run SAMInside and it's done.
that always works for me.
Signed by the legendary "LYNK"
Use AUSTRUMI. Will suit all your needs like this one...
AUSTRUMI is based on Slackware GNU Linux using Blin initialization scripts. It is a business card size (50MB) bootable Live CD Linux distribution.
hxxp://sourceforge.net/projects/austrumi/
But my search still continues...
Looking for a pure DOS-based SAM hash extractor or Syskey key extractor....Nothing would be much simpler than that.... But I believe no such tool exists as of this day
Thanx
amitkr
Nov 17 2004, 06:59 AM
I found this util to back up the registry files on a running Windows machine....This requires admin rights
Here's the link
hxxp://home.t-online.de/home/lars.hederer/erunt/
thanx
TheFallen
Dec 26 2004, 07:31 AM
I know I'm probably just restating a few things, but I just saw the post and I had recently played with our school's new laptops that are locked down lol. Well, needless to say it was very simple.
I just had an old Windows 98 floppy lying around and deleted just about everything aside from cmd and copy and all the drivers and whatnot. Then you just put the NTFSDOS program on there. Also you need another blank floppy with only a program called ha.exe (file compression).
Once you have your disks, you pop in the 98 boot disk and let it load until you get the A:\ prompt, and then you run the NTFSDOS utility with the specified parameters. When that is loaded, you can take out that disk and pop in the other and then run the ha.exe program like this: ha.exe a system.ha DIR_of_System_file (this creates the archive on the A drive)
Then you use: ha.exe e system.ha
to extract the file onto your hard drive, and then I used SAMInside to load up the SAM and SYSTEM file together because of the syskey encryption junk, and then just export it to a pwdump file, and then used LC4 or 5, if you could get your hands on a demo, to crack it.
Very interesting post. Could get a lot of knowledge from it. So I thought I'd also say thanks to all and not only read the post. Can't remember all the nicks that helped me, but I say to all, thx. A lot of thx for the BartPE tip, looks nice.
SecureD
Mar 4 2005, 06:30 PM
Thanks dude for this post. I used to know this, but forgot. So you refreshed my mind, thanks!
Krozgen
Mar 9 2005, 05:12 AM
Of course, once you get the hashes, there's always the debate of how to crack it. Brute forcing has become an outdated method, friends. Rainbow tables, which... well, if you haven't heard of them, you should've, are available all over the internet. If you're feeling particularly lazy, check out the service my friend and I provide using the GSO tables:
The main differences are that... 1. whilst theirs cracks once a day, ours cracks ASAP (whenever cracking isn't being done, if there's a hash available, then it starts to crack it within 2 minutes)... and 2. pretty soon, if everything goes well, we'll have an Alpha-Numeric-Symbol32-Space set. Volunteer at thePhuz.com's rainbow site to help out. Oh, and in case everyone else's plan failed (which I doubt they did XD) We have our own boot floppies which I've used numerous times to recover my own passwords... I've been really forgetful, and now combined with our cracker, it's about 1 hour from reboot (to get hashes) to logging in (with recovered password). Have fun
fulvioo
Mar 9 2005, 11:39 AM
Krozgen
Now you are going to post your link in all topics?