Penetration Testing mailing list archives

Re: Encrypted SAM file


From: "Chris St. Clair" <chris_stclair () hotmail com>
Date: Fri, 29 Jun 2001 15:50:10 -0000

Evidently there is a way to do it. Check out
http://home.eunet.no/~pnordahl/ntpasswd/

This Linux-based boot disk utility has a way to get around it,
and disable it (syskey, that is). Perhaps perusing through the source
will give you some ideas.

Or, if you can load the stolen SAM onto a system you have physical
access to, boot with that disk and then manually dump the hashes.
Can you do that? Will it work? I don't know. Just an idea.

Good luck, and let me know if it works.

-chris

--
Interesting problem.

I was trying to use pwdump3 to download the hashes from an NT server. The
problem is that this server will not allow access to the admin share.
However, I was able to gain access to the C$ using Hyena and an admin
equivalent user account which also does not have access to the admin share.
I was able to access the repair directory and get the compressed SAM and
expanded it. The file appears to be encrypted using the Syskey. Any ideas on
how to get past the encryption? I thought that there was a way to use
pwdump3 to do this, but it's looking for a server name, not a file name.
