He was referring to copying the entire SAM file itself. Btw, pwdump 3 works even through keyserve.
----- Original Message ----- From: "shawn merdinger" <[EMAIL PROTECTED]> To: "Remington Winters" <[EMAIL PROTECTED]> Cc: "'Security Basics'" <[EMAIL PROTECTED]> Sent: Thursday, April 25, 2002 1:39 PM Subject: Re: NT Sam Hashes > On Wed, 24 Apr 2002, Remington Winters wrote: > > > You cant access local SAM files while the OS is running, > > afaik, this is incorrect. pwdump2 will dump passwords while the box is > running (hacking exposed: windows 2000 pg. 155). Also, passwords can be > extracted from a running box using lsadump2. > > > you need to boot > > into dos and copy off the files. > > Correct...this was one of the first ways to grab the sam file. > > > There is also a way to do it while logged > > in by getting the NT scheduler to run regedit32 ( it runs at system > > permissions). > > Interesting. How about if it was sceduled using the AT command? > > My two pesos...corrections welcome :) > > -scm > > > > > ----- Original Message ----- > > From: "Andrew Blevins" <[EMAIL PROTECTED]> > > To: "'Security Basics'" <[EMAIL PROTECTED]> > > Sent: Wednesday, April 24, 2002 9:30 AM > > Subject: NT Sam Hashes > > > > > > > Have any of you had experience with this? > > > I've been learning about some of the sam hash dump programs out there > > (check > > > @stake, sec33.com, etc.) and have found them to be very useful in dumping > > > the sam hash of the machine they are run on locally. However, I have been > > > unable to figure out how to dump the sam hash from a sam *file* I have > > saved > > > locally. Has anyone had any luck with this before? Thanks in advance for > > any > > > help. > > > > > > Blev > > > > > > > > >
