RE: Unwanted programs on Win2K

From: James Kelly (jim@essistants.com)
Date: 02/06/03

  • Next message: Jeremy Gaddis: "re: Unwanted programs on Win2K" 
    Date: Wed, 05 Feb 2003 20:02:13 -0500
From: James Kelly <jim@essistants.com>
To: 'H C' <keydet89@yahoo.com>, security-basics@securityfocus.com

    Just for your info, there is a thing such as .SAM files, MS office uses
    them extensively, what they do for office I don't know. Also
    lmhosts.sam is located in the system32\drivers folder. As you probably
    know its just the sample lmhosts file. But in the sense you were
    talking about, your correct.

    Jim

    -----Original Message-----
    From: H C [mailto:keydet89@yahoo.com]
    Sent: Wednesday, February 05, 2003 10:01 AM
    To: security-basics@securityfocus.com
    Subject: RE: Unwanted programs on Win2K

    Gedi,

    For the sake of accuracy:

    > However, the easiest is to crack the .SAM file.

    "Easiest" is relative. I'd go w/ the Linux bootdisk
    and utility to change the password.

    Also, there is no such thing as a ".SAM" file...it's
    just "SAM".

    > If your admins are usless you may be lucky and find
    a
    > backup copy in the repair folder (c:\WINNT\repair)

    Denigrating the admins aside, the backup copy of the
    SAM is just that...a backup copy. If the passwords on
    the local system are changed, but the repair disk
    utility isn't run, the backup will be completely
    useless to you. The backup copy of the SAM isn't
    backed up automatically...you have to run the rdisk
    utility.

    > For this you will need a copy of NTFSDOS (I'm
    assuming
    > the file system is NTFS)

    While this is one way to do it, the Linux bootdisk is
    freely available, easy to make, and results in local
    Administrator access much quicker than trying to crack
    the SAM file that may not even include a current
    password.

    Just an FYI...

     

    __________________________________________________
    Do you Yahoo!?
    Yahoo! Mail Plus - Powerful. Affordable. Sign up now.
    http://mailplus.yahoo.com

    Relevant Pages

    • Re: RAM size
      ... The SAM file explination is here...this holds all password info. ... What I ideally decided to do is plug the hard disk into my other Windows ... Being able to login I used System Restore to reverse the system to a ealier ... I want to just delete the SAM file, bt not ure if tat is a good idea. ...
      (microsoft.public.windowsxp.general)
    • RE: Unwanted programs on Win2K
      ... the easiest is to crack the .SAM file. ... there is no such thing as a ".SAM" file...it's ... the backup copy of the ... While this is one way to do it, the Linux bootdisk is ...
      (Security-Basics)
    • Re: cracking Y2k DC Admin password
      ... IronGeek wrote a cool article about cracking local SAM with SYSKEY: ... >> - rescue in windows folder and backup sam file from it, it has admin ... Cenzic Hailstorm finds vulnerabilities fast. ...
      (Pen-Test)
    • Re: Auditing Active Directory Passwords
      ... cracking SAM on windows is all you need for your particular task. ... Subject: Auditing Active Directory Passwords ... 2003 Active Directory did not use a SAM file for all of the domain accounts. ...
      (Security-Basics)
    • Re: Deleting the SAM
      ... Delete the entire SAM, all at once, ... regestry editing, etc. TIA ... You could install ... >other computer and find the SAM file and delete it, ...
      (microsoft.public.windowsxp.security_admin)