Re: SAM encrypted with syskey

From: Brendan Dolan-Gavitt (bdolangavitt_at_wesleyan.edu)
Date: 02/11/05

  • Next message: John R. Morris: "Re: books or material on mail protocols"
    Date: Thu, 10 Feb 2005 22:09:35 -0500
    To: Oscar.Anzaldo@xerox.com
    
    
    

    There are utilities for extracting the syskey and decrypting the SAM at
    http://studenti.unina.it/~ncuomo/syskey/ . Note that this is the third
    result on Google if you search for "syskey" :p

    From there it's just a basic LM or NT password cracking exercise...

    -Brendan

    > -----Original Message-----
    > From: Anzaldo, Oscar [mailto:Oscar.Anzaldo@xerox.com]
    > Sent: Tuesday, February 08, 2005 10:50 AM
    > To: vuln-dev@securityfocus.com
    > Subject: SAM encrypted with syskey
    >
    > Hi list,
    >
    > Does any one knows a method to retrieve the password for the SAM
    > (NT/W2K) that has been encripted with syskey? Or bypass the system
    > startup password?
    >
    > Regards
    >
    > Oscar.
    >
    >
    >

    
    



  • Next message: John R. Morris: "Re: books or material on mail protocols"

    Relevant Pages

    • Re: Syskey
      ... > I have a question about the syskey utility..does it encrypt the SAM ... SAM database but if you move it off the system, ... Here's more info on the syskey and what it does. ...
      (microsoft.public.win2000.active_directory)
    • RE: two questions that need answering
      ... that you can't just yank the SAM and start cracking when SYSKEY is installed ... The password portion of the SAM is now encrypted by a "stronger" ... If you want to get the real password hashes, then you need to use a tool ... Windows 2000 systems, as Windows 2000 uses ...
      (Focus-Microsoft)
    • RE: Syskey on Win2k
      ... into a txt file and then just import the dumped sam into LC4 ... Subject: Syskey on Win2k ... > since I know Syskey is supposed to be 128 encryption. ... 'Syskey thwarts this attack by encrypting the SAM database using strong ...
      (Security-Basics)
    • Re: SysKey
      ... pass the decrypted hashes back to the online SAM or DC ... Also there is some Microsoft webcast about this passwords ... >protected with syskey other than default level, ... >ten minutes by first resetting the administrator password ...
      (microsoft.public.win2000.security)
    • Re: Do I need to use the SysKey utility to enhance the security?
      ... Syskey is used to protect the local sam on a computer. ... password at boot up or floppy disk to access the operating system at start ...
      (microsoft.public.security)