Security Basics mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Unwanted programs on Win2K

From: "Pez Mohr" <boredMDer74 () msn com>
Date: Wed, 5 Feb 2003 15:18:51 -0500
Kamran Muzaffer wrote:

Hi Gedi,

I tried to _crack_ a .SAM file located in c:\WINNT\repair with LC4,
but it only shows Administrator and guest accounts and those are not
the current passwords either. I think windows saves the initial copy
of the password database there. That's the very reason why I think
its not that dangerous to leave that file there ( may be as a backup
) because if it is so simple to recover all the Windows passwords,
than curing it, would have been the first step in all Win security
manuals.


I heard something in the past about when first installing Windows, it will
save a backup copy of the SAM to '%WinDir%\repair'. Whenever you use
NTBACKUP, however, if you choose to backup 'System State', then it copies
the SAM and puts it in '%WinDir%\repair' (if this is incorrect, please
correct me). So if anyone has run NTBACKUP, be sure to head over to the
repair directory, and delete the backups contained there.

Pez Mohr
boredMDer74 () msn com
PGP Key: http://tinyurl.com/3rmk
Fingerprint: 35F0 4088 BCA3 457C FDE4  3ABC 4E02 1AD7 9EBE 09FE
Previous By Date Next
Previous By Thread Next

Current thread: