Recovering The SAM file from a WinXP machine

Huge area to cover, we have assembled and written tutorials that have proven helpful over time.
Zugg
n00b
Posts: 4
Joined: Sun Sep 26, 2004 7:21 pm
Location: Tennessee

Recovering The SAM file from a WinXP machine

Post by Zugg » Wed Dec 22, 2004 5:37 pm

Recovering The SAM file from a WinXP machine
#####################################################################################
Tutorial by Zugg
Zuggalo1189@gmail.com
Should only be read on Http://www.Binary-Universe.tk/
#####################################################################################
Neither I (Zugg) nor Binary Universe are responsible for your actions as a result of reading this. It is for informational purposes only, and I do not encourage any illegal or immoral activities.
#####################################################################################
_____________________________________________________________________________________
Using Knoppix/STD

Requirements:
 -Physical Access to the box
 -Knoppix or Knoppix-STD
 -USB Flash Card or a Floppy Diskette (if applicable)
 -A password recovery tool (i.e. a cracker)

OK, this tutorial is about how to get the SAM (Security Accounts Manager) file from a WinXP box you have physical access to. Obviously the first thing you need to do is download Knoppix or Knoppix-STD:

 -Http://www.Knopper.net/ - Knoppix
 -Http://www.Knoppix-STD.net/ - Knoppix-STD
 -Http://www.Knoppix.net/ - One of the best resources for Knoppix

What is Knoppix?
KNOPPIX is a bootable CD with a collection of GNU/Linux software, automatic hardware detection, and support for many graphics cards, sound cards, SCSI and USB devices and other peripherals. KNOPPIX can be used as a Linux demo, educational CD, rescue system, or adapted and used as a platform for commercial software product demos. It is not necessary to install anything on a hard disk. Due to on-the-fly decompression, the CD can have up to 2 GB of executable software installed on it.
                  -http://www.Knoppix.net/

What is Knoppix-STD?
Knoppix-STD is a customized distribution of the Knoppix Live Linux CD. Boot to the CD and you have Knoppix-STD. STD focuses on information security and network management tools. It is meant to be used by both the novice looking to learn more about information security and the security professional looking for another swiss army knife for their tool kit.
                  -http://www.Knoppix-STD.org

I will not teach you how to use Knoppix/STD. That's why I gave you the links! Your best friend in learning is Http://google.com! Learn it, use it, and you get smarter!
Now that you know just what Knoppix/STD is, you can get started! First, you'll need to get access to the PC. Do whatever you see as "ok" to gain access. Then follow these steps:

1. Boot up the computer
2. While the computer is booting, press F8 or F12; it depends on the computer, most of the time, so just press F** buttons, and you should get it!
3. When you find the right F** button, you will be given a list of boot options. Select the "Boot From CD-ROM" or something similar (make sure you have inserted the Knoppix/STD CD).
4. This will boot you into knoppix, bypassing WinXP altogether!
5. Knoppix will automatically "mount" your hard drive, so you don't have to.
6. Once in Knoppix, open a shell, and type: "cd /mount"
7. Navigate to "windows/system32/config/" directory
8. Copy the SAM file to the USB flash drive or Floppy
9. Get the hell outta there!

OK, so now you have the SAM file in your pocket and you're in the clear. Take the SAM, put it on another Windows machine, and fire up a copy of SAMinside (http://www.topshareware.com/SAMInside-download-5188.htm). This will extract the hash. When you have the hash, open up LC5 (http://www.atstake.com/products/lc/). This will bruteforce the hash, and when it finds the matches the correct hash marks, it will display the original pass!
#####################################################################################
Well, you've just completed my tutorial on recovering the SAM file using Knoppix/STD! Try it out a few times, and make sure you got it, before you try to show your friends how "1337" you are, and make an ass of yourself. Well, that's all, and remember, I'm not responsible for what you do with the information provided in this tutorial. Do what you will, and happy hash hunting!
Http://Binary-Universe.tk/



IceDane
Because I Can
Posts: 2652
Joined: Wed May 12, 2004 9:25 am

Post by IceDane » Wed Dec 22, 2004 6:13 pm

Very nice.

As I have stated before, at the other 384 million sites you've posted this on.

-Ic3D4ne

Net Battle Bot
Owns you
Posts: 1816
Joined: Fri Jun 04, 2004 6:44 am
Location: Groom Lake

Post by Net Battle Bot » Wed Dec 22, 2004 6:28 pm

You are indeed fortunate if you see "CD-ROM" on the boot menu.
Without practice one cannot prove; without proof one cannot be trusted; without trust one cannot be respected.

GhostHawk
Ex-Mod
Posts: 1447
Joined: Wed Jul 30, 2003 12:10 am

Post by GhostHawk » Wed Dec 22, 2004 6:29 pm

It was well written, but not needed. There have been a million other guides identical to this. But whatever.
Opinions are like ass holes, everyone has one. It is also my opinion, that I am an ass hole.

Prism
Owns you
Posts: 1618
Joined: Thu May 06, 2004 9:18 am

Post by Prism » Wed Dec 22, 2004 6:55 pm

It's really just a set of instructions, there is no theory..

stuff that you should have included:

-why you have to use a bootable operating system?
-ntfs file system...
-what is a hash? what sort of encryption does windows nt use?

ih827
Hacker in Training
Posts: 85
Joined: Wed Nov 17, 2004 2:53 am

Post by ih827 » Thu Dec 23, 2004 3:09 am

Prism wrote:It's really just a set of instructions, there is no theory..

stuff that you should have included:

-why you have to use a bootable operating system?
-ntfs file system...
-what is a hash? what sort of encryption does windows nt use?

Can you reply to this, Zugg?
keeping knowledge free is a full time job

netphreak
Owns you
Posts: 1300
Joined: Wed Sep 24, 2003 8:31 pm
Location: Everywhere and nowhere... all at once

Post by netphreak » Thu Dec 23, 2004 7:27 am

Also, I would include a section on how to bypass a BIOS password, because that may/may not be a step in getting the computer to boot to a CD.
Look at the stars, but shoot for the ceiling; it's closer...
When looking for a needle in a haystack, don't start in the middle of a wheat field.

IceDane
Because I Can
Posts: 2652
Joined: Wed May 12, 2004 9:25 am

Post by IceDane » Thu Dec 23, 2004 7:41 am

First of all, I completely disagree with all of you.

@ Prism:

This is about how to extract, and crack the SAM file, not about the filesystem NTFS. Although the information about why we need a bootable operating system could be useful.

@ Netphreak:

As I said, this tutorial is about how to extract, and crack the SAM file.
This isn't about how to bypass passwords, the NTFS filesystem, or anything, but how to extract and crack the SAM file.

But I guess it's the author's opinion that really matters, we should just wait for his reply.

-Ic3D4ne

netphreak
Owns you
Posts: 1300
Joined: Wed Sep 24, 2003 8:31 pm
Location: Everywhere and nowhere... all at once

Post by netphreak » Thu Dec 23, 2004 9:11 am

Bypassing a BIOS password can be part of the process if you're trying to get into a system with a locked BIOS. Without changing the boot order to check the CD-ROM drive first, then you will barely get past step 1. The lock will defeat you quickly, but if you know how to get around it, then you can proceed with the SAM extraction. I'm just suggesting, it would make the tutorial more complete.
Look at the stars, but shoot for the ceiling; it's closer...
When looking for a needle in a haystack, don't start in the middle of a wheat field.

Prism
Owns you
Posts: 1618
Joined: Thu May 06, 2004 9:18 am

Post by Prism » Thu Dec 23, 2004 10:17 am

IceDane wrote:@ Prism:

This is about how to extract, and crack the SAM file, not about the filesystem NTFS. Although the information about why we need a bootable operating system could be useful.

you can't just use any bootable operating system, i.e. ms-dos, because it doesn't have ntfs support

I agree with netphreak, bypassing the bios password would be a good addition
by the way, it looks like you got the url wrong

Niels
Sargeant at Arms
Posts: 260
Joined: Wed Sep 01, 2004 12:31 am
Location: San Francisco

Post by Niels » Thu Dec 23, 2004 5:11 pm

@Prism: http://binaryuniverse.no-ip.com *

As I've said before Zugg, I like it a lot.

Zugg
n00b
Posts: 4
Joined: Sun Sep 26, 2004 7:21 pm
Location: Tennessee

Post by Zugg » Fri Dec 24, 2004 5:54 pm

ok, the tut will be revised.

@Prism: no, I didn't get the URL wrong, we stopped using it. it just occurred to me to post it here. I wrote it quite a while ago.

as all of you can see from the size and caliber of it, it was meant to be BASIC. that's why there isn't a shitload of information in it. anyway, I don't really care. every other place I posted it said it was good, and some even posted it in their tut section on the main website, but w/e.
Last edited by Zugg on Fri Dec 24, 2004 6:25 pm, edited 1 time in total.

netphreak
Owns you
Posts: 1300
Joined: Wed Sep 24, 2003 8:31 pm
Location: Everywhere and nowhere... all at once

Post by netphreak » Fri Dec 24, 2004 5:57 pm

It was still a good beginner tutorial, well written. These were just suggestions to help with a more COMPLETE version of the tutorial.
Look at the stars, but shoot for the ceiling; it's closer...
When looking for a needle in a haystack, don't start in the middle of a wheat field.

kka_kenny
Your Senior
Posts: 901
Joined: Sat May 15, 2004 5:42 pm

Post by kka_kenny » Sat Dec 25, 2004 10:35 am

Yes, I like it; short guides are always best.
It starts with a simpl[e] lie then you die.
