
Sam File cracking

7 replies to this topic

#1 jamie79512


    SUP3R 31337 P1MP

  • Members
  • 275 posts

Posted 01 March 2006 - 12:31 AM

Here's the thing, I have Windows and don't plan on installing Linux on here yet, and I need a program for Windows that cracks SAM files. Are there any out there?

#2 riscphree


    Dangerous free thinker

  • Members
  • 1,936 posts
  • Gender:Male

Posted 01 March 2006 - 01:10 AM

Wow, this is a popular idea all of a sudden.

Check out Irongeek's website: irongeek.com

There you will find a video for you to watch :)

#3 Snippet


    mad 1337

  • Members
  • 143 posts

Posted 01 March 2006 - 11:42 AM

Why don't you just use a live CD? I'm sure Backtrack has something for that on it. If not (which is highly doubtful), try out Auditor, Whax or Knoppix-STD if you wanna go old school.

#4 Irongeek


    Dangerous free thinker

  • Agents of the Revolution
  • 1,516 posts
  • Location:Louisville, Ky more or less

Posted 01 March 2006 - 01:49 PM

Backtrack does have bkhive and Samdump2:


Since the files will be locked if you are up in Windows (unless you move that HD to another box), you will pretty much have to use a Linux boot CD. If you are already an admin, you could get the hashes with pwdump in Windows.

#5 Evil1



  • Members
  • 117 posts
  • Location:Uranius (heh heh)

Posted 01 March 2006 - 05:56 PM

I've said this in past posts. The best Windows password cracker is SAMInside. You need both the SAM file and the system file (for the syskey encryption table). The demo version comes with a handy command-line tool that will get the syskey file from the system file. The system file is like 8 meg at best, and the syskey file is no more than 16k. The demo isn't bad, but the full version is better. Message me for the full version.

If you don't want to crack anything, get ahold of Passware WinKey. It's a bootable CD that skips all the BS and resets the admin password. Once again, there's a demo version (for use with just plain Windows) and the enterprise version. I like the enterprise version for its Windows network and Active Directory recovery support. And once again, just message me for that version.

#6 covance


    The phorce is with me!

  • Members
  • 75 posts

Posted 02 March 2006 - 10:11 AM

There are definitely two ways to do this. In my experience, Trinity Rescue CD is one of the fastest ways to blank out the Admin password. It works on just about any IDE machine you stick it in. Basically you run its script and it blanks the password. BAM, you're on the box in less than 60 seconds and hacking away. Now if you want to recover a password, I would use Ophcrack. There is a live CD that will boot into Ubuntu Linux, mount your drives and start cracking the password. If you work with rack servers in a data center, then Trinity probably won't work. I find that it cannot find the RAID controllers properly. The Ophcrack CD worked fine on some older servers and found the RAID controller fine. We tested it on some ProLiant DL380 G4 servers and it found the drives, so this may work on a majority of servers. When it comes down to it, it depends on what you are actually trying to do. If you want all of the passwords, use Ophcrack. If you want to have control, use Trinity. Have fun!


#7 chedder


    SUP3R 31337

  • Members
  • 170 posts

Posted 02 March 2006 - 07:11 PM

Whenever I used to do it (haven't in a year or two), I'd use pwdump2 to dump a hash and crack that with John the Ripper; usually got the pass in >5 minutes.

#8 Metalhead1504


    Will I break 10 posts?

  • Members
  • 4 posts

Posted 09 March 2006 - 12:08 PM

If you could find CAIN I would say use that. That's what I used on my friend's computer to get his admin account because he wanted Firefox but his dad wouldn't let him download it.
