Sim-X

asked on

Dumping Password Hashes Off A SAM File (XP Pro)

I am running XP Pro and need to recover the admin password. I have a copy of the SAM file and want to run a brute force on it. Problem is that it has syskey on it. How would I go about dumping the password hashes off of a SAM file that I have?
thx
Sim-X
MCSE-2002

Not gonna happen. If it has syskey, you probably won't be able to crack it.

Try L0phtCrack. With a fast computer, you should have the password in 10 or 20 years.

ASKER

If I had access to an admin account on there, could I dump the password hashes into a log file? Otherwise, can I just delete the SAM file to reset it, or just add an account to the SAM file and replace it?
thx
Sim-X
ASKER CERTIFIED SOLUTION
sKuLLsHoT

There is also a program called pwdump2 written by Todd Sabin that circumvents syskey. Get it at http://www.webspan.net/~tas/pwdump2/

Basically it uses DLL injection to load its own code into the process space of a highly privileged process. Once there, it can make an internal API call that accesses the syskey-encrypted passwords... not even having to decrypt them.

Administrator privilege is required!

This program is more like a highly efficient virus.

Also, you've got to find the process ID (PID) for lsass.exe manually before it will work.

> I am running XP Pro and need to recover the admin password.

No you don't, you need the install CD for XP.

>  I have a copy of the same file and want to run a bruteforce on it.

Now, if you were not admin, just how'd you get there?

Use the install CD like real administrators do, and quit asking how to swipe the passwords of others, or your career path will be rather brief.
Sunbow, how do you use the CD to recover the password?

I have had several systems where a user on my network has forgotten the local administrator password for their machine and something has happened where logging into their original limited account is broken; most people don't like to reinstall when a password to Windows is all that's stopping them... quite a legitimate
As cduke250 mentioned, pwdump2 can pull out the password, then LC4 ( http://www.atstake.com/lc/ ) or the much better John the Ripper ( http://www.openwall.com/john/ ) can still pull it out.

Also, the password reset boot disk that sKuLLsHoT mentioned can definitely work even if syskey is enabled; I've done it many times.

~ewall
There's also a program called samdump2.exe that works similar to pwdump2. (Just plain samdump.dll was used with pwdump, but that's different.)

I can't get a URL for it at the moment because of the proxy here at work...

~ewall
OK dude, the way you do this is you get the SAM file and the System file and put them in a program called SAMInside. You then export it in pwdump form. You import it into a program called LC4 and then brute force it.

This is going to take a long time.