
How to get at content of a SAM file

13 Posts
6 Users
0 Likes
8,114 Views
(@seecs2011)
Posts: 4
New Member
Topic starter
 

I have a SAM file from a laptop that I need to get into under direction from a family member trying to settle an estate. Ophcrack doesn't open it and I can't figure out how to get into it/crack the hash that it should contain.

I've tried about 15 different things between Kali and caine-live.

Please help. I have no idea what I am doing and all the resources I've found on this online are in no way helpful (think "run this tool" with no explanations).

 
Posted : 07/10/2019 9:52 pm
(@deefir)
Posts: 49
Eminent Member
 

What are you trying to achieve?

Change the user's password? Log into the machine? Recover the user's password?

 
Posted : 08/10/2019 6:13 am
(@seecs2011)
Posts: 4
New Member
Topic starter
 

What are you trying to achieve?

Change the user's password? Log into the machine? Recover the user's password?

Any of the above would work.

 
Posted : 08/10/2019 11:32 pm
(@deefir)
Posts: 49
Eminent Member
 

Download Kali Linux, create a live USB/DVD. Boot. Mount the disk and run 'chntpw' - read the manual for specifics.

 
Posted : 09/10/2019 12:18 am
jaclaz
(@jaclaz)
Posts: 5133
Illustrious Member
 

Which EXACT version of Windows is it?

For some versions, code is available to use the easiest (and theoretically more "correct") way, i.e. to bypass authentication (which won't change the password).

See this (somewhat of a "plug", but at least the process is clearly explained):
http://reboot.pro/topic/18588-passpass-bypass-the-password/
http://www.easy2boot.com/add-payload-files/windows-install-isos/passpass/

jaclaz

 
Posted : 09/10/2019 6:51 am
(@seecs2011)
Posts: 4
New Member
Topic starter
 

Download Kali Linux, create a live USB/DVD. Boot. Mount the disk and run 'chntpw' - read the manual for specifics.

So I get a read-only error currently on the actual SAM file for the filesystem.

If I copy the config folder to local disk and try there, when I run the command to blank the password, I am told that it appears to already be blank (but I know that isn't the case). It says no NT MD4 or LANMAN password is found. I've tried loading in most of the hive files too (SYSTEM, SECURITY, etc.).

Thoughts?

I was able to get a hash in ophcrack from SYSTEM for the account but it was the same hash for all accounts and listed none under password. I am trying to brute force the hash that showed up with hashcat right now using the NTLM option. Should I maybe switch to MD4?

Any thoughts on the chntpw command?

 
Posted : 12/10/2019 8:03 pm
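
As an added example (not code from any poster in this thread): before running chntpw, Ophcrack or similar tools against a copied hive, it helps to confirm the file really is an intact registry hive. The sketch below checks the `regf` base block of a hive file; the helper names `inspect_hive`, `regf_checksum` and `build_sample`, and the sample bytes, are constructed for illustration.

```python
import struct
from datetime import datetime, timedelta, timezone

def regf_checksum(base_block: bytes) -> int:
    """XOR of the first 127 little-endian dwords (508 bytes) of the base block."""
    x = 0
    for (dword,) in struct.iter_unpack("<I", base_block[:508]):
        x ^= dword
    # The format reserves these two results and remaps them.
    return {0xFFFFFFFF: 0xFFFFFFFE, 0: 1}.get(x, x)

def inspect_hive(data: bytes) -> dict:
    """Sanity-check a copied hive (e.g. SAM) before running other tools on it."""
    if len(data) < 512 or data[:4] != b"regf":
        return {"valid": False, "reason": "no regf signature"}
    seq1, seq2, filetime, major, minor = struct.unpack_from("<IIQII", data, 4)
    (stored,) = struct.unpack_from("<I", data, 508)
    name = data[48:112].decode("utf-16-le", errors="replace").split("\x00")[0]
    epoch = datetime(1601, 1, 1, tzinfo=timezone.utc)  # FILETIME epoch
    ok = stored == regf_checksum(data)
    return {
        "valid": ok,
        "reason": "ok" if ok else "header checksum mismatch",
        "dirty": seq1 != seq2,          # unflushed writes: transaction logs needed
        "name": name,                   # embedded path tail, e.g. ...\Config\SAM
        "version": f"{major}.{minor}",
        "last_written": epoch + timedelta(microseconds=filetime // 10),
        "has_hbin": data[4096:4100] == b"hbin",  # first hive bin follows the header
    }

def build_sample(name="\\SystemRoot\\System32\\Config\\SAM", seq=(7, 7)) -> bytes:
    """Constructed test hive: a 4096-byte base block plus one empty hive bin."""
    hdr = bytearray(4096)
    hdr[:4] = b"regf"
    struct.pack_into("<IIQII", hdr, 4, seq[0], seq[1], 132150000000000000, 1, 3)
    enc = name.encode("utf-16-le")[:64]
    hdr[48:48 + len(enc)] = enc
    struct.pack_into("<I", hdr, 508, regf_checksum(bytes(hdr)))
    return bytes(hdr) + b"hbin" + bytes(4092)

if __name__ == "__main__":
    for label, blob in [("clean", build_sample()), ("dirty", build_sample(seq=(8, 7))),
                        ("not a hive", b"MZ" + bytes(600))]:
        print(label, inspect_hive(blob))
```

On a real copy, pass the first 8192 bytes of the file to `inspect_hive`. A `dirty` result means the hive was not cleanly flushed, so the accompanying transaction logs (`SAM.LOG*`) should be collected with it.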
(@mameeru78)
Posts: 0
New Member
 

Any password of Windows can be reset or removed.

 
Posted : 24/08/2020 10:20 am
watcher
(@watcher)
Posts: 125
Estimable Member
 
Posted by: @seecs2011

I have a SAM file from a laptop that I need to get into under direction from a family member trying to settle an estate. Ophcrack doesn't open it and I can't figure out how to get into it/crack the hash that it should contain.

I've tried about 15 different things between Kali and caine-live.

Please help. I have no idea what I am doing and all the resources I've found on this online are in no way helpful (think "run this tool" with no explanations).

STOP!

As I'm reading this, I'm interpreting this as:

"I have an unencrypted laptop protected by nothing more than the Windows password. I need to read content off of this machine to resolve an estate."

If my paraphrase above is correct, then stop, just stop. You are going about this all wrong. Forget the password and trying to crack or change it, none of that is necessary. All of the drive contents are already available to be read. The password is nothing more than a request to that operating system to pretty please let me in. Simply mounting from another operating system is all that's needed.

Since this is for something (an estate) that may result in legal challenges, I suggest you spend the money to have someone perform the extraction for you as you are clearly not in a position to defend against a challenge.

 ------------- I just realized this OP is over a year old ----------------

 
Posted : 24/08/2020 4:11 pm
keydet89
(@keydet89)
Posts: 3568
Famed Member
 

That's funny...I interpreted "I have a SAM file from a laptop..." as the OP having just the SAM Registry hive file extracted from the laptop.

 
Posted : 26/08/2020 12:33 pm
watcher
(@watcher)
Posts: 125
Estimable Member
 

@keydet89

I interpreted it as ... "I, or someone, extracted the SAM file and now I'm trying to crack the password in order to log in and access the data." Having just the SAM completely out of context seems pretty unlikely outside of a classroom exercise.

I couldn't tell how much tongue-in-cheek you intended.

 
Posted : 28/08/2020 9:42 pm