Penetration Testing mailing list archives
RE: Format of SAM File
From: "Pete.LeMay" <pete.lemay () whro org>
Date: Fri, 10 Jul 2009 13:10:06 -0400
First return on google search of "pwdump file format" returns this structure:

Each string of a PwDump file is compiled in the following format:
"UserName:RID:LMhash:NThash:FullName,Description:HomeDirectory:".

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Ron
Sent: Thursday, July 09, 2009 4:06 PM
To: Hernandez IV, Miguel
Cc: pen-test () securityfocus com
Subject: Re: Format of SAM File

Hernandez IV, Miguel wrote:
All,

Looking for a reference that describes the format of the windows SAM file. From what I can tell, the first column is the username and third column is the password hash, but I want to know what information is contained in the other columns. Google searches on "format windows SAM file", "understand windows SAM file", and other related searches have proved frustrating. I should mention that the SAM file was obtained using pwdump6 in case that is relevant.

The format I am seeing is as follows:

Username:number:password hash:another hash?:blank:blank:blank

Any help is much appreciated.

Miguel
Hi Miguel,

There's no "standard" format, but the format that's most often used (by pwdump and fgdump, for example) is:

username:rid:lanman:ntlm:::

rid is basically the user id on the system -- 500 = admin, 501 = guest, 1000+ = standard users.

lanman and ntlm are two different types of hashes -- lanman is weak, ntlm is reasonable.

I'm not sure what, if anything the last three spots are.

Hope that helps!

Ron

------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board
Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.
http://www.iacertification.org
------------------------------------------------------------------------
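Added example, not part of any post in this thread: a Python sketch that parses the `username:rid:lanman:ntlm:::` layout described above and reports, per account, whether a weak LanMan hash is stored and whether the RID marks a built-in account. The empty-string hash constants and the `NO PASSWORD` placeholder are well-known values not given in the thread, the function names are hypothetical, and the sample records are constructed.

```python
# Well-known LM and NT hashes of the empty string (not given in the thread).
EMPTY_LM = "aad3b435b51404eeaad3b435b51404ee"
EMPTY_NT = "31d6cfe0d16ae931b73c59d7e0c089c0"
BUILTIN = {500: "built-in admin (RID 500)", 501: "built-in guest (RID 501)"}

# Constructed sample records; hash values are made up. "NO PASSWORD***" is
# the placeholder pwdump-family tools print when no hash is stored.
SAMPLE = """\
Administrator:500:aad3b435b51404eeaad3b435b51404ee:0123456789abcdef0123456789abcdef:::
Guest:501:NO PASSWORD*********************:31d6cfe0d16ae931b73c59d7e0c089c0:::
alice:1001:fedcba9876543210fedcba9876543210:0123456789abcdef0123456789abcdef:::
broken line without fields
"""

def is_hash(value):
    return len(value) == 32 and all(c in "0123456789abcdef" for c in value)

def parse_line(line):
    """Parse one username:rid:lanman:ntlm::: record; ValueError if malformed."""
    fields = line.strip().split(":")
    if len(fields) < 4 or not fields[1].isdigit():
        raise ValueError("not a pwdump-style record")
    return fields[0], int(fields[1]), fields[2].lower(), fields[3].lower()

def findings(rid, lm, nt):
    out = []
    if is_hash(lm) and lm != EMPTY_LM:   # a real LM hash is present
        out.append("LM hash stored (weak)")
    if nt == EMPTY_NT:                   # NT hash of the empty string
        out.append("blank password")
    if rid in BUILTIN:
        out.append(BUILTIN[rid])
    return out

def audit(text):
    """Return ({username: findings}, [line numbers that failed to parse])."""
    report, malformed = {}, []
    for n, line in enumerate(text.splitlines(), 1):
        try:
            user, rid, lm, nt = parse_line(line)
        except ValueError:
            malformed.append(n)
            continue
        report[user] = findings(rid, lm, nt)
    return report, malformed

if __name__ == "__main__":
    print(audit(SAMPLE))
```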
Current thread:
- Format of SAM File Hernandez IV, Miguel (Jul 09)
- Re: Format of SAM File Ron (Jul 10)
- RE: Format of SAM File Pete.LeMay (Jul 10)
- Re: Format of SAM File Jeffrey Walton (Jul 10)
- Re: Format of SAM File Tim (Jul 10)
- Re: Format of SAM File Chris Brenton (Jul 10)
- Re: Format of SAM File David Howe (Jul 10)
- Re: Format of SAM File David Howe (Jul 10)
- Re: Format of SAM File Marc Ouwerkerk (Jul 10)
- RE: Format of SAM File Anthony Miracle (Jul 10)
- Re: Format of SAM File Ron (Jul 10)