sam file

lpetrowicz
I am trying to do a password test on our network.  It's been about 6 years since I last did it and it was on a Windows NT system.  I am now using Windows XP.  I want to use Cain and Abel to gain the hashes from the SAM file.  Couple things on that.  Each time I type in where I think the location of the SAM file is, I get an error when I try to run it.

My question is:  Does anyone know how to use Cain and Abel and how I get the hashes from the SAM file?  I have the Admin rights, so I am not looking for the hack side of things but a real deal how it's done.  Any assistance will be greatly appreciated.  Thanks.
Awarded 2009
Top Expert 2010

Commented:
What exactly are you trying to do?
This tool is designed for Windows NT/2000/XP; it will not work in an Active Directory environment.

It will only give you details of the local SAM file on an XP machine.
Rich Rumble, Security Samurai
Top Expert 2006

Commented:
Use pwdump6/fgdump on a domain controller (http://www.foofus.net/~fizzgig/fgdump/downloads.htm). Most AV scanners will pick up on its hacking tool status, just like they do with Cain. Then get JohnTheRipper, it runs circles around Cain for cracking M$ passwords. This is very helpful for a security audit.
-rich

Author

Commented:
richrumble,

I have pwdump5 at the present.  Six years ago I used pwdump2 but forgot how to use it since.  That is where my biggest problem is.  I need to know the steps how to get the hashes using pwdump.
Security Samurai
Top Expert 2006
Commented:
I actually just used Cain for this same task this morning; it does dump them fine. Exporting to a file that JohnTheRipper can use, however, you need a good find/replace where you can append three colons to the end of every line, and replace
:"":"":AAD3B435B51404EEAAD3B435B51404EE:
and
:"":"":
with something like
:1002:NO PASSWORD*********************:
Then the file is in a pwdump format, and the no-password hashes are marked with no password.

Open Cain, go to the Cracker tab, right-click in the spreadsheet part, add to list, import from local SAM and check include password histories. Should take 0-2 minutes to dump.

-rich
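
Added example (not part of the original thread, and not code from Cain, pwdump or JohnTheRipper): a small audit pass over a pwdump-format file as described above (`user:rid:lm:nt:::`), reporting accounts with blank passwords, accounts that still have an LM hash stored, LM hashes whose second half is empty (password of 7 characters or fewer), and accounts sharing one password. The sample accounts and hash values are constructed; the empty-password NT hash constant is the well-known value and does not appear in the thread.

```python
from collections import defaultdict

EMPTY_LM = "AAD3B435B51404EEAAD3B435B51404EE"  # LM hash of an empty password (value quoted in the post)
EMPTY_LM_HALF = EMPTY_LM[:16]                   # each 7-character LM half is hashed separately
EMPTY_NT = "31D6CFE0D16AE931B73C59D7E0C089C0"  # NT hash of an empty password (well-known constant)

def is_empty(field, empty_hash):
    """True for the empty-password hash, a blank field, or the NO PASSWORD marker."""
    f = field.strip().upper()
    return f in ("", empty_hash) or f.startswith("NO PASSWORD")

def parse_pwdump(text):
    """Yield (user, rid, lm, nt) from pwdump-format lines: user:rid:lm:nt:::"""
    for line in text.splitlines():
        parts = line.strip().split(":")
        if len(parts) < 4 or not parts[1].isdigit():
            continue  # skip blank or malformed lines
        yield parts[0], int(parts[1]), parts[2].upper(), parts[3].upper()

def audit(text):
    """Return findings: blank passwords, stored LM hashes, short passwords, shared hashes."""
    findings = {"blank": [], "lm_stored": [], "max_7_chars": [], "shared": []}
    by_nt = defaultdict(list)
    for user, rid, lm, nt in parse_pwdump(text):
        if is_empty(nt, EMPTY_NT):
            findings["blank"].append(user)
            continue
        by_nt[nt].append(user)
        if not is_empty(lm, EMPTY_LM):
            findings["lm_stored"].append(user)
            if lm[16:] == EMPTY_LM_HALF:  # second half empty: password is 7 characters or fewer
                findings["max_7_chars"].append(user)
    findings["shared"] = sorted(sorted(users) for users in by_nt.values() if len(users) > 1)
    return findings

# Constructed sample data: account names and hash values are made up for illustration.
SAMPLE = """\
Administrator:500:NO PASSWORD*********************:0123456789ABCDEF0123456789ABCDEF:::
Guest:501:NO PASSWORD*********************:NO PASSWORD*********************:::
alice:1003:1111111111111111AAD3B435B51404EE:22222222222222222222222222222222:::
bob:1004:33333333333333334444444444444444:55555555555555555555555555555555:::
svc_backup:1005:NO PASSWORD*********************:0123456789ABCDEF0123456789ABCDEF:::
"""

if __name__ == "__main__":
    for name, value in audit(SAMPLE).items():
        print(f"{name}: {value}")
```

Accounts listed under `lm_stored` are the ones to fix first, since the LM hash is the weakest stored form of the password.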