Security Basics mailing list archives
Re: Syskey on Win2k
From: "Pez Mohr" <boredMDer74 () msn com>
Date: Wed, 5 Feb 2003 20:23:33 -0500
James Kelly wrote:
I may be wrong in this, but im pretty sure from previous "exercises" that you can't copy the sam data when windows is running. It can be accessed however, when you have admin writes. Which gives LC4 access to the data, and as far as the technet claim, I have seen in my own personal experience, LC4 get passwords in minutes. If it does have to bruteforce, this takes considerably longer...
Ah, yes, sorry about that. The SAM is indeed locked while Windows is running because it is in use. However, the hashes can be dumped by a tool such as pwdump or such, and LC4 (and previous versions) also allowed the SAM information to be extracted. How, I don't know. Again, sorry, just a memory lapse. Been a while since I needed to grab the SAM out of a 2k environment... (although this holds true for XP as well, being locked while Windows is up...whatever) Pez Mohr boredMDer74 () msn com PGP Key: http://tinyurl.com/3rmk Fingerprint: 35F0 4088 BCA3 457C FDE4 3ABC 4E02 1AD7 9EBE 09FE
Current thread:
- Syskey on Win2k Simon Taplin (Feb 05)
- Quote (was: Re: Syskey on Win2k Meritt James (Feb 05)
- Re: Syskey on Win2k Pez Mohr (Feb 05)
- RE: Syskey on Win2k James Kelly (Feb 06)
- Re: Syskey on Win2k Pez Mohr (Feb 06)
- RE: Syskey on Win2k James Kelly (Feb 06)
- Re: Syskey on Win2k ian tashima (Feb 06)
- <Possible follow-ups>
- RE: Syskey on Win2k Moeckel, Sharon (Feb 05)
- RE: Syskey on Win2k Hopkins, Joshua (Feb 07)
- RE: Syskey on Win2k Lachlan McGill (Feb 07)