Questions about Windows SAM file

2 posts in this topic

I'm in the process of learning about Windows passwords and experimenting with how to extract them using different tools like Ophcrack and Offline NT Password and Registry Editor. I've started with Windows XP because it's the easiest. I can successfully run Ophcrack on a Windows XP computer and it will list some user account names and passwords. The thing I can't figure out is that it doesn't list all the account names I know are on the computer, either local or domain account names. I thought all account names, either local or domain, are stored in the local SAM file so you could log in offline. Does anyone know why I'm missing some account names when I run either tool?


I haven't tried this on a Windows 7 computer, so I don't know if it's just this one XP machine that's doing this.





I have not played around with that in a long while: before XP SP 3.


I think the SAM only stores user account information. For example: all users you create should be in the SAM. However, built-in accounts like "System" are not in the SAM. They don't need to authenticate like a user does.



Domain account names are different. They are stored in Active Directory or the SAM file on a domain server. Older pre-Windows 2K servers (NT 4) store them in the SAM on the Domain Controller. Now, A.D. stores domain account credentials. I guess that is to protect the domain if local physical access is compromised. Which makes sense: you cannot access network resources unless online. I know Windows now has offline files access, but I think it probably uses some other form to authenticate if a user is allowed access to the offline file, like local permissions.

