How to get at content of a SAM file  

seecs2011
(@seecs2011)
New Member

I have a SAM file from a laptop that I need to get into under direction from a family member trying to settle an estate. Ophcrack doesn't open it and I can't figure out how to get into it/crack the hash that it should contain.

I've tried about 15 different things between Kali and caine-live.

Please help. I have no idea what I am doing and all the resources I've found on this online are in no way helpful (think "run this tool" with no explanations).

Posted : 07/10/2019 10:52 pm
deeFIR
(@deefir)
Junior Member

What are you trying to achieve?

Change the user's password? Log into the machine? Recover the user's password?

Posted : 08/10/2019 7:13 am
seecs2011
(@seecs2011)
New Member

> What are you trying to achieve?
>
> Change the user's password? Log into the machine? Recover the user's password?

Any of the above would work.

Posted : 09/10/2019 12:32 am
deeFIR
(@deefir)
Junior Member

Download Kali Linux, create a live USB/DVD. Boot. Mount the disk and run 'chntpw' - read the manual for specifics.

Posted : 09/10/2019 1:18 am
jaclaz
(@jaclaz)
Community Legend

Which EXACT version of Windows is it?

For some versions the code is available to use the easiest (and theoretically more "correct") way, i.e. to bypass authentication (which won't change the password).

See this (somewhat of a "plug", but at least the process is clearly explained):
http://reboot.pro/topic/18588-passpass-bypass-the-password/
http://www.easy2boot.com/add-payload-files/windows-install-isos/passpass/

jaclaz

Posted : 09/10/2019 7:51 am
seecs2011
(@seecs2011)
New Member

> Download Kali Linux, create a live USB/DVD. Boot. Mount the disk and run 'chntpw' - read the manual for specifics.

So I get a read-only error currently on the actual SAM file for the filesystem.

If I copy the config folder to local disk and try there, when I run the command to blank the password, I am told that it appears to already be blank (but I know that isn't the case). It says no NT MD4 or LANMAN password is found. I've tried loading in most of the hive files too (SYSTEM, SECURITY, etc.).

Thoughts?

I was able to get a hash in ophcrack from SYSTEM for the account but it was the same hash for all accounts and listed none under password. I am trying to brute force the hash that showed up with hashcat right now using the NTLM option. Should I maybe switch to MD4?

Any thoughts on the chntpw command?

Posted : 12/10/2019 9:03 pm