Hacking a SAM file (legit)

Zero

I have an NT4 server in another office that someone had full access to and before he got tossed out of the place he decided to lock it up, strip the users and change the admin password. I currently have a bunch of PCs running the @stake l0phtcrack programme on brute force trying to open the SAM file because Im leaving work this week and Im in no humour to go reinstalling the thing.
My questions is, is there a better programme, or a quicker way to hack the SAM file? I can email it to anyone who reckons they can open it. Any help would be appreciated.

Ronan

Dr4gul4

not dat im aware im afraid, there is a linux haxk 4 2k that will let u change the admin password but i've never tested it on NT


Sorry


D.

shurl

Hmmm,
Maybe I'm wrong,
but I *think* i rememeber someone somewhere saying that if you are at the console you can delete/move the sam file?
And it should reset/blank the admin pass.
Did ye try doing a search on astaLAvista.com ?

There should be some options as your physically at the server.


Sorry can't remember properly and I haven't tried it.

Just a thought.

S.

dahamsta

Why don't you just find the guy who did it and kick the head off him until he tells you the new password Ronan? Even if he's forgotten it, it's a result.

adam

jabberwock

not dat im aware im afraid, there is a linux haxk 4 2k that will let u change the admin password but i've never tested it on NT

there is a linux haxk for NT.

I use it for the same reasons you need it.
Disgruntled users.

tom-thebox

If you even had a local account on the box you should be able to gain admin access by simply hacking the dll cache permissions. I have a couple of scripts that would help you out only if you had a local account however.

let me know if you want me to pm u links.

Regards

LoLth

does the win98 boot floppy trick still work?

Boot from floppy and go into DOS.
Delete the *.pwl file and you reset the admin password.

fairly sure you could take out the SAM file while you are at it.

Not sure is SP6 solved this issue though.

tom-thebox

This site should sort it for you.

http://home.eunet.no/~pnordahl/ntpasswd/


Regards

irishgeo

you can delete the SAM file which will reset all the accounts on the computer.

You could aslo use the linux boot floppy to do it as well.

here is a very good link.

http://is-it-true.org/nt/atips/atips262.shtml

GUI_XP

ok
if system directory is contained a fat32 volume..
boot with a win98 boot disk to command line..
move to c:\winnt\system32\config
in there type
attrib *.* -a -r -s -h
delete SAM

ok u have just deleted the SAM
why u ask?
if windows detects SAM is corrupt or missing on boot up
it creates it with a blank local admin password

if the volume is a ntfs volume..
u will need to get ur hands on an application called NTFSpro for dos
u load this at the command line and it lets u read and write ntfs volumes from the command line

shurl

I knew I wasn't going mad.




S.

Sniipe

I've done it a few times; didn't read the above.
I guess u've done this
first u need the sam file; to do this; if I remember correctly u need a sam dump or copy the sam file by using a boot disk and using ntfsdos (I'd say u've done this also and already know about it)

but anyway, l0pht is what I normally use to get the thing opened but the guy could have been a right ass and done a password with special characters, normal characters, numbers and symbols.

Advanced NT Security Explorer (Antexp) I think does the job quicker than l0pht.

If u can't find that file pm me.

[EDIT: http://www.elcomsoft.com/antexp.html and cracks at http://astalavista.box.sk/

oh yeah; more detail; when u make the bootdisk have another disk with ntfsdos (version 3, I think) and I can't remember the command for creating a readonly view of ur partition, I think there is an :L /c in it ]

Zero

http://home.eunet.no/~pnordahl/ntpasswd/

Got it sorted using this. thanks anyway.

tom-thebox

Originally posted by Zero
http://home.eunet.no/~pnordahl/ntpasswd/

Got it sorted using this. thanks anyway.

my link i am just so helpfull u still want me to reply to ure pm ?:D

Zero

heh hadnt seen your link, doh, I went rootin on the web. thanks anyway, you neednt bother sending me on that other stuff.
cheers.