
  • Status: Solved
  • Priority: Medium
  • Security: Public

Using LCP to extract a forgotten Windows Admin pwd. SAM & SYSTEM copies copied to a working XP system (from KNOPPIX). Problem is...

When I hit OK after entering the locations of SAM & SYSTEM it yields an error message that states:

Error while opening key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\COntrol\Lsa
The system cannot find the path specified.

The rest of the path to the error couldn't be shown in the small dialog box. The only path I found in that LSA registry entry was a %SystemRoot%\system32\ntmarta.dll and that file looks pretty intact to me.

Thanks :)
1 Solution
Do you *have* to crack it? You can very easily just reset it, even with syskey, using the NT pass reset util from: http://home.eunet.no/pnordahl/ntpasswd/

If you need to properly discover the password, use pwdump via a Windows PE derivative (32-bit "live" Windows boot CD type thing), then RainbowCrack. BartPE is the common one floating around. RainbowCrack is a pre-compiled hash comparison cracker. It generates all possible hash combinations, then compares them to the dumped SAM. The hashes take a few days to generate (unless you have the luxury of a 128-way SPARC box) and will weigh in at several gigs, but will crack most admin passwords in seconds from a full set of hashes.

CaptainPickard (Author) commented:
"You can very easily just reset it, even with syskey, using the NT pass reset util from: http://home.eunet.no/pnordahl/ntpasswd/"

I will assume this works - got the .iso burned - thanks!
