• Status: Solved

Dumping Password Hashes Off A SAM File (XP PRO)

I am running XP Pro and need to recover the admin password. I have a copy of the SAM file and want to run a brute force on it. Problem is that it has syskey on it. How would I go about dumping the password hashes off of a SAM file that I have?
thx
Sim-X
0
MCSE-2002 Commented:
Not gonna happen. If it has syskey, you probably won't be able to crack it.

Try L0phtCrack. With a fast computer, you should have the password in 10 or 20 years.

 
0
 
Sim-X (Author) Commented:
If I had access to an admin account on there, could I dump the password hashes into a log file? Otherwise, can I just delete the SAM file to reset it or just add an account to the SAM file and replace it?
thx
Sim-X
0
 
sKuLLsHoT Commented:
You need this?

http://home.eunet.no/~pnordahl/ntpasswd/

Best utility I ever found; it is stopped only when the machine you want to recover was an AD domain server.
0
cduke250 Commented:
There is also a program called pwdump2, written by Todd Sabin, that circumvents syskey. Get it at http://www.webspan.net/~tas/pwdump2/

Basically it uses DLL injection to load its own code into the process space of a highly privileged process. Once there, it can make an internal API call that accesses the syskey-encrypted passwords... not even having to decrypt them.

Administrator privilege is required!

This program is more like a highly efficient virus.

Also, you have to find the process ID (PID) for lsass.exe manually before it will work.

0
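The DLL injection into lsass.exe described in the comment above is visible to defenders on hosts that run Sysmon, which records remote-thread creation as Event ID 8. The following is an added example, not part of the thread or of any tool mentioned in it; it assumes events are already parsed into dicts keyed by Sysmon's field names, and the allowlisted agent path and the sample events are constructed.

```python
from ntpath import basename  # parses Windows paths on any OS

PROTECTED = {"lsass.exe"}  # the injection target named in the thread
# Hypothetical allowlist (lowercase full paths); build it from your own baseline.
ALLOWED_SOURCES = {r"c:\program files\example-edr\agent.exe"}

def find_lsass_injections(events, allowed=ALLOWED_SOURCES):
    """Return one alert per remote thread created inside lsass.exe."""
    alerts = []
    for ev in events:
        if ev.get("EventID") != 8:  # 8 = CreateRemoteThread
            continue
        if basename(ev.get("TargetImage", "")).lower() not in PROTECTED:
            continue
        source = ev.get("SourceImage", "")
        if source.lower() in allowed:
            continue
        alerts.append({
            "time": ev.get("UtcTime"),
            "source": source,
            "source_pid": ev.get("SourceProcessId"),
            "target_pid": ev.get("TargetProcessId"),
            # A thread that starts at LoadLibrary* is loading a DLL
            # into the target, the pattern the comment describes.
            "dll_load": ev.get("StartFunction", "").startswith("LoadLibrary"),
        })
    return alerts

# Constructed sample events (not real telemetry).
SAMPLE_EVENTS = [
    {"EventID": 8, "UtcTime": "2024-01-01 10:00:00.000",
     "SourceImage": r"C:\Temp\tool.exe", "SourceProcessId": 4120,
     "TargetImage": r"C:\Windows\System32\lsass.exe", "TargetProcessId": 640,
     "StartModule": r"C:\Windows\System32\kernel32.dll",
     "StartFunction": "LoadLibraryA"},
    {"EventID": 8, "UtcTime": "2024-01-01 10:05:00.000",
     "SourceImage": r"C:\Program Files\Example-EDR\agent.exe",
     "TargetImage": r"C:\Windows\System32\lsass.exe", "TargetProcessId": 640},
    {"EventID": 8, "UtcTime": "2024-01-01 10:06:00.000",
     "SourceImage": r"C:\Temp\tool.exe",
     "TargetImage": r"C:\Windows\System32\notepad.exe"},
    {"EventID": 1, "UtcTime": "2024-01-01 10:07:00.000",
     "Image": r"C:\Windows\System32\cmd.exe"},
]

if __name__ == "__main__":
    for alert in find_lsass_injections(SAMPLE_EVENTS):
        print(alert)
```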
 
SunBow Commented:
> I am running XP Pro and need to recover the admin password.

No you don't, you need the Install CD for XP

> I have a copy of the SAM file and want to run a brute force on it.

now, if you were not admin, just how'd you go there?

Use Install CD like real administrators do, and quit asking how to swipe the passwords of others or your career path will be rather brief
0
 
sKuLLsHoT Commented:
Sunbow, how do you use the CD to recover the password?

I have had several systems where a user on my network has forgotten the local administrator password for their machine and something has happened where logging into their original limited account is broken. Most people don't like to reinstall when a password to Windows is all that's stopping them... quite a legitimate
0
 
ewall Commented:
As cduke250 mentioned, pwdump2 can pull out the password, then LC4 ( http://www.atstake.com/lc/ ) or the much better John the Ripper ( http://www.openwall.com/john/ ) can still pull it out.

Also, the password reset boot disk that sKuLLsHoT mentioned can definitely work even if syskey is enabled--I've done it many times.

~ewall
0
 
ewall Commented:
There's also a program called samdump2.exe that works similarly to pwdump2. (Just plain samdump.dll was used with pwdump, but that's different.)

I can't get a URL for it at the moment because of the proxy here at work...

~ewall
0
 
jdissues Commented:
OK dude, the way you do this is you get the SAM file and the System file and put them in a program called Sam Inside. You then export it in pwdump form. You import it in a program called LC4 and then brute force it.

this is going to take a long time

0
