First of all, we will be using some manual nerd labor in the terminal (the Windows command prompt) and we will be using an app. No human can manually sit down and crack a Windows password, so we will be using a machine to do the calculations and eventual cracking. SamInside is the app I use. You can download it on CNET (download.com). You'll need the following two files from the system: SAM and SYSTEM. Below I will show you how to do this in case you ever lock yourself out of your own system. It also stresses the importance of making, keeping, and using secure passwords. This thing can easily tear up a lamely chosen password.
How To Obtain Sam and System Files
You can do this with Windows Explorer, but we're going to do it the cool way, in the console {terminal} [Windows command prompt]. You can also do this with a Linux live disk, or by any means that gives you access to the hard disk without the on-board Windows operating system running. The user passwords are stored in a hashed format. They're tucked in the registry and in two files. They're in LM hash and NTLM hash format. The file locations are:
%SystemRoot%\system32\config\SAM
%SystemRoot%\system32\config\SYSTEM
{or if in XP: %SYSTEMROOT% {all caps}}
The registry locations include:
HKLM\SAM and HKLM\SYSTEM
SAM stands for Security Account Manager.
Enter into the command prompt:
reg save HKLM\SAM c:\sam
reg save HKLM\SYSTEM c:\system
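or you can do it via the file system (Windows keeps these files locked while it is running, so a plain copy only works with the offline disk access mentioned above):
copy %SystemRoot%\system32\config\SAM c:\SAM
copy %SystemRoot%\system32\config\SYSTEM c:\SYSTEM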
You may or may not run into issues doing this if the system administrator has restrictions set on the account. In computer security, the more restrictions the more secure. If the command prompt is disabled, one could use a modded CMD file to still pull this off. [tutorial coming soon!] If the command prompt isn't disabled, but the Windows registry is, one could simply copy the files instead of doing the registry download method. We can see how there are different routes for accomplishing the same goal in our pen testing endeavours. Malware can do this all automatically as well, and steal your credentials this way. An attacker can also take advantage of this. It's important to know about, in order to secure your systems, and your clients' systems. Ideally, I suggest using a Linux distribution for your operating system needs.
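For the defensive side of this, here is an added example (not part of the original post): a Python check that scans process command lines, such as those recorded by process-creation auditing, for the two export methods shown above and raises the severity when the same user takes both hives on the same host. The event field names, host and user names, and sample events are constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Covers the two methods in the post: "reg save" of a hive, or a file copy out
# of system32\config. Tolerates case, reg.exe, the long hive name and / or \.
HIVE_RE = re.compile(r"""
    \breg(?:\.exe)?["']?\s+save\s+["']?(?:HKLM|HKEY_LOCAL_MACHINE)[\\/](?P<reg>SAM|SYSTEM)\b
  | \bcopy\s+["']?\S*system32[\\/]config[\\/](?P<file>SAM|SYSTEM)\b
""", re.I | re.X)

def hive_touched(cmdline):
    """Return 'SAM' or 'SYSTEM' if the command line exports that hive, else None."""
    m = HIVE_RE.search(cmdline)
    return (m.group("reg") or m.group("file")).upper() if m else None

def find_hive_dumps(events, window=timedelta(minutes=5)):
    """Group hits per (host, user); both hives inside `window` is high severity,
    because the post notes that both files are needed."""
    seen = defaultdict(list)
    for ev in events:
        hive = hive_touched(ev["cmdline"])
        if hive:
            seen[ev["host"], ev["user"]].append((datetime.fromisoformat(ev["time"]), hive))
    alerts = []
    for (host, user), hits in sorted(seen.items()):
        sam = [t for t, h in hits if h == "SAM"]
        system = [t for t, h in hits if h == "SYSTEM"]
        paired = any(abs(a - b) <= window for a in sam for b in system)
        alerts.append({"host": host, "user": user,
                       "hives": sorted({h for _, h in hits}),
                       "severity": "high" if paired else "medium"})
    return alerts

# Constructed sample events (not real logs); the field names are assumptions.
SAMPLE_EVENTS = [dict(zip(("time", "host", "user", "cmdline"), row)) for row in [
    ("2024-05-01T10:00:00", "WS01", "alice", r"reg save HKLM\SAM c:\sam"),
    ("2024-05-01T10:00:20", "WS01", "alice", r"reg save HKLM\SYSTEM c:\system"),
    ("2024-05-01T11:00:00", "WS02", "bob", r'"C:\Windows\System32\reg.exe" SAVE hkey_local_machine\system d:\bk\system.hiv'),
    ("2024-05-01T12:00:00", "WS03", "carol", r"reg query HKLM\SOFTWARE\Microsoft"),
    ("2024-05-01T12:01:00", "WS03", "carol", r"copy C:\Windows\system32\config\systemprofile\n.txt d:\tmp"),
    ("2024-05-01T13:00:00", "WS04", "dave", r"copy %SystemRoot%\system32\config\SAM c:\SAM"),
    ("2024-05-01T13:00:05", "WS04", "dave", r"copy %SystemRoot%/system32/config/SYSTEM c:\SYSTEM"),
]]

if __name__ == "__main__":
    for alert in find_hive_dumps(SAMPLE_EVENTS):
        print(alert)
```

A single-hive hit is kept at medium because a lone SYSTEM export can be a routine backup; tune the window and the severity mapping to your own environment.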
One can see how this information combined with knowing how to exploit NetBIOS file sharing vulnerabilities could easily lead to the total compromise of an entire system, or systems. If someone gained access through the command prompt via NetBIOS (Microsoft's net.exe), or through Samba on Linux (same protocol, different OS), they could snag your SAM and SYSTEM files, crack your administrator password, and then level up their attack and capabilities. When one understands the mere astronomical proportions of security flaws built into the Windows operating system, one must ask oneself: Should I consider Grey's advice about switching to Linux and learning more about computer security via Grey Hat Laboratories dot com bish? (#_#) The answer is yes. Kali.org
Finally, I hope this blog post has inspired you to consider password security. Use two-step authentication and use secure passwords. Speaking of, I have a free app here on the site and on Download.com (CNET) that will generate randomly created secure passwords for you on the spot. They are alphanumericsymbolic! Say that five times fast! Secure Random Password Generator App. It's free. I have linked to the Download.com page with the download. It helps show my legitimacy and expand my ever-growing reputation as a developer and alt-tech blogger.