Home page logo

basics logo Security Basics mailing list archives

Re: Syskey on Win2k
From: "Pez Mohr" <boredMDer74 () msn com>
Date: Wed, 5 Feb 2003 15:10:48 -0500

Simon Taplin wrote:
On Windows 2000, Syskey is enabled by default, can I copy the .sam
file from \winnt\system32 after booting from bootdisk and then
running LC4 or do I need to run something else first. Just wondering
since I know Syskey is supposed to be 128 encryption.


AFAIK, Syskey encrypts the SAM with 128 bit encryption, not just when
Windows is running. With appropriate permissions, grabbing the SAM after
booting from a bootdisk would yield the same result as grabbing it when you
were logged in to Windows.

The following is taken from a TechNet page:
'Syskey thwarts this attack by encrypting the SAM database using strong
encryption. Even if an attacker did manage to obtain a copy of the
Syskey-protected SAM, he would first need to conduct a brute-force attack to
determine the Syskey, then conduct a brute-force attack against the hashes

I don't know quite what you're asking, but it looks like you mean how
exactly would one get the SAM. Again, if you have appropriate permissions,
one can merely copy over the SAM from '%WinDir%\system32\SAM' . If I've been
unclear in any way, feel free to email me off-list so I can clear it up a

Pez Mohr
boredMDer74 () msn com
PGP Key: http://tinyurl.com/3rmk
Fingerprint: 35F0 4088 BCA3 457C FDE4  3ABC 4E02 1AD7 9EBE 09FE

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]