±Forensic Focus Partners

Become an advertising partner

±Your Account


Username
Password

Forgotten password/username?

Site Members:

New Today: 5 Overall: 36115
New Yesterday: 4 Visitors: 161

±Follow Forensic Focus

Forensic Focus Facebook PageForensic Focus on TwitterForensic Focus LinkedIn GroupForensic Focus YouTube Channel

RSS feeds: News Forums Articles

±Latest Articles

±Latest Videos

±Latest Jobs

How to get at content of a SAM file

Computer forensics discussion. Please ensure that your post is not better suited to one of the forums below (if it is, please post it there instead!)
Reply to topicReply to topic Printer Friendly Page
Forum FAQSearchView unanswered posts
 
  

seecs2011
Newbie
 

How to get at content of a SAM file

Post Posted: Oct 07, 19 21:52

I have a SAM file from a laptop that I need to get into under direction from a family member trying to settle an estate. Ophcrack doesn't open it and I can't figure out how to get into it/crack the hash that it should contain.

I've tried about 15 different things between kali and caine-live.

Please help. I have no idea what I am doing and all the resources I've found on this online are in no way helpful(think "run this tool" with no explanations)
_________________
Jacob Secor
Security+, C|HFI 
 
  

deeFIR
Member
 

Re: How to get at content of a SAM file

Post Posted: Oct 08, 19 06:13

What are you trying to achieve?

Change the user's password? Log into the machine? Recover the user's password?  
 
  

seecs2011
Newbie
 

Re: How to get at content of a SAM file

Post Posted: Oct 08, 19 23:32

- deeFIR
What are you trying to achieve?

Change the user's password? Log into the machine? Recover the user's password?


Any of the above would work.  
 
  

deeFIR
Member
 

Re: How to get at content of a SAM file

Post Posted: Oct 09, 19 00:18

Download Kali Linux, create a live USB/DVD. Boot. Mount the disk and run 'chntpw' - read the manual for specifics.  
 
  

jaclaz
Senior Member
 

Re: How to get at content of a SAM file

Post Posted: Oct 09, 19 06:51

Which EXACT version of Windows is it?

For some versions it is available the code to use the easiest (and more "correct" theoretically) way, i.e. to bypass authentication (which won't change the password).

See this ( somehow a "plug", but at least it is clearly explained the process):
reboot.pro/topic/18588...-password/
www.easy2boot.com/add-.../passpass/

jaclaz
_________________
- In theory there is no difference between theory and practice, but in practice there is. - 
 
  

seecs2011
Newbie
 

Re: How to get at content of a SAM file

Post Posted: Oct 12, 19 20:03

- deeFIR
Download Kali Linux, create a live USB/DVD. Boot. Mount the disk and run 'chntpw' - read the manual for specifics.


So i get a read-only error currently on the actual SAM file for the filesystem.

If I copy the config folder to local disk and try there, when I run the command to blank the password, I am told that it appears to already be blank (but I know that isn't the case). It says not NT MD4 or LANMAN password is found. I've tried loading in most of the hive files too (SYSTEM, SECURITY, etc)


Thoughts?

I was able to get a hash in ophcrack from SYSTEM for the account but it was the same hash for all accounts and listed none under password. I am trying to brute force the hash that showed up with hashcat right now using the NTLM option. Should I maybe switch to MD4?


Any thoughts on the chntpw command?  
 

Page 1 of 1