Re: NT Sam Hashes

From: shawn merdinger (dinger@gslis.utexas.edu)
Date: 04/25/02


Date: Thu, 25 Apr 2002 15:39:32 -0500 (CDT)
From: shawn merdinger <dinger@gslis.utexas.edu>
To: Remington Winters <fyreguy@rivetgeek.com>

On Wed, 24 Apr 2002, Remington Winters wrote:

> You can't access local SAM files while the OS is running,

afaik, this is incorrect. pwdump2 will dump passwords while the box is
running (hacking exposed: windows 2000 pg. 155). Also, passwords can be
extracted from a running box using lsadump2.

> you need to boot
> into dos and copy off the files.

Correct...this was one of the first ways to grab the sam file.

> There is also a way to do it while logged
> in by getting the NT scheduler to run regedit32 (it runs at system
> permissions).

Interesting. How about if it was scheduled using the AT command?

My two pesos...corrections welcome :)

-scm

>
> ----- Original Message -----
> From: "Andrew Blevins" <ABlevins@arrowheadgrp.com>
> To: "'Security Basics'" <security-basics@securityfocus.com>
> Sent: Wednesday, April 24, 2002 9:30 AM
> Subject: NT Sam Hashes
>
>
> > Have any of you had experience with this?
> > I've been learning about some of the sam hash dump programs out there (check
> > @stake, sec33.com, etc.) and have found them to be very useful in dumping
> > the sam hash of the machine they are run on locally. However, I have been
> > unable to figure out how to dump the sam hash from a sam *file* I have saved
> > locally. Has anyone had any luck with this before? Thanks in advance for any
> > help.
> >
> > Blev
> >
> >
>


