Vulnerability Development: Re: SAM encrypted with syskey

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Vulnerability Development mailing list archives

Re: SAM encrypted with syskey

From: Brendan Dolan-Gavitt <bdolangavitt () wesleyan edu>
Date: Thu, 10 Feb 2005 22:09:35 -0500

There are utilities for extracting the syskey and decrypting the SAM at
http://studenti.unina.it/~ncuomo/syskey/ . Note that this is the third
result on Google if you search for "syskey" :p

From there it's just a basic LM or NT password cracking exercise...

-Brendan

-----Original Message-----
From: Anzaldo, Oscar [mailto:Oscar.Anzaldo () xerox com] 
Sent: Tuesday, February 08, 2005 10:50 AM
To: vuln-dev () securityfocus com
Subject: SAM encrypted with syskey

 Hi list,

Does any one knows a method to retrieve the password for the SAM
(NT/W2K) that has been encripted with syskey? Or bypass the system
startup password?

Regards

Oscar.

Attachment: signature.asc
Description: Digital signature

By Date By Thread

Current thread:

RE: SAM encrypted with syskey DePriest, Jason R. (Feb 10)
- <Possible follow-ups>
- RE: SAM encrypted with syskey Johnson, Joey (Feb 10)
  - Re: SAM encrypted with syskey Brendan Dolan-Gavitt (Feb 11)
    - Re: SAM encrypted with syskey Michel Arboi (Feb 13)
- RE: SAM encrypted with syskey Anzaldo, Oscar (Feb 10)
- SAM encrypted with syskey Anzaldo, Oscar (Feb 10)
- Re: SAM encrypted with syskey Vladimir Katalov (Feb 17)