On Wed, 24 Apr 2002, Remington Winters wrote: > You cant access local SAM files while the OS is running,
afaik, this is incorrect. pwdump2 will dump passwords while the box is running (hacking exposed: windows 2000 pg. 155). Also, passwords can be extracted from a running box using lsadump2. > you need to boot > into dos and copy off the files. Correct...this was one of the first ways to grab the sam file. > There is also a way to do it while logged > in by getting the NT scheduler to run regedit32 ( it runs at system > permissions). Interesting. How about if it was sceduled using the AT command? My two pesos...corrections welcome :) -scm > > ----- Original Message ----- > From: "Andrew Blevins" <[EMAIL PROTECTED]> > To: "'Security Basics'" <[EMAIL PROTECTED]> > Sent: Wednesday, April 24, 2002 9:30 AM > Subject: NT Sam Hashes > > > > Have any of you had experience with this? > > I've been learning about some of the sam hash dump programs out there > (check > > @stake, sec33.com, etc.) and have found them to be very useful in dumping > > the sam hash of the machine they are run on locally. However, I have been > > unable to figure out how to dump the sam hash from a sam *file* I have > saved > > locally. Has anyone had any luck with this before? Thanks in advance for > any > > help. > > > > Blev > > > > >
