[NBLUG/talk] recovering Windows pw with Knoppix

Kevin Dwan kevind at sonic.net
Wed Dec 29 20:12:31 PST 2004


I found the below: does anyone know how to do this *without* requiring
SAMInside?

   1. Boot with Knoppix STD and launch a shell.
   2. From the shell, you can view all your NTFS partitions via the LinuxNTFS built into Knoppix STD.
   3. Navigate to the windows\system32\config directory.
   4. Copy the SAM and system files to a cheap USB thumbdrive.
   5. Take each of these files back to another Windows machine and fire up SAMInside. SAMInside uses SAM and system files to extract the encrypted hash (the SAM file is double encrypted with SYSKEY. SAMInside gets around that).
   6. Launch LC4. It will brute-force and dictionary-attack the hash marks. Once the hash has been matched, the final password is displayed.
''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
Thanks.


Kevin Dwan              kevind at sonic.net
707-823-7077  