Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:
edgeos



Vulnerability Development: Re: SAM encrypted with syskey

Re: SAM encrypted with syskey

From: Vladimir Katalov <vkatalov_at_elcomsoft.com>
Date: 17 Feb 2005 08:36:00 -0000
('binary' encoding is not supported, stored as-is) In-Reply-To: <F36BC027FD4D7E4FB9EA59EFAF86BAAD11AEE4_at_mex0010mf01.na.xerox.net>

>Does any one knows a method to retrieve the password for the SAM
>(NT/W2K) that has been encripted with syskey? Or bypass the system
>startup password?

Proactive Windows Security Explorer allows that:

http://www.elcomsoft.com/pwsex.html

It is able to dump password hashes from SAM and SYSTEM files (created in any system from Windows NT4 to Windows Server 2003).

Next version will be also able to get password hashes directly from Active Directory database (ntds.dit). 

-- 
Sincerely yours,
  Vladimir
Vladimir Katalov
Managing Director
ElcomSoft Co.Ltd.
Member of Association of Shareware Professionals (ASP)
Member of Russian Cryptology Association
mailto:vkatalov_at_elcomsoft.com
http://www.elcomsoft.com (Corporate site)
http://www.crackpassword.com (Password Recovery Software)
Received on Feb 18 2005
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
edgeos