Jun 14 2009
SAM File : Windows XP,NT Administrator Password Recovery
Following my previous articles on Windows password recovery, which covered various Windows password recovery tools, this article explains the basics behind cracking or recovering a Windows administrator password: what a password hash is, where Windows keeps the hashes, and how the cracking tools work on them.

Windows Password Recovery basics:
Before using Windows password recovery tools such as Lophtcrack or John The Ripper, you should understand the following:
1. Password Hash :
When you type a password into the Windows XP, NT or 2000 logon screen, Windows does not store the password itself. It runs the password through a one-way hash function and stores a 32-character hexadecimal value that looks like this :
7524248b4d2c9a9eadd3b435c51404ee
This is called the password hash. Windows of this era keeps two hashes per account: the LM hash (the password upper-cased, padded to 14 characters, split into two 7-character halves, each half used as a DES key to encrypt a fixed constant) and the NT hash (MD4 of the password encoded as UTF-16LE). Neither hash is salted, so two accounts with the same password have the same hash, and a hash cannot be "decrypted": the only way back to the password is to guess candidates, hash them the same way and compare.
2. SAM Files :
Windows stores the password hashes of every local user account in the SAM registry hive, the file %SystemRoot%\system32\config\SAM. When a user types a password at the logon screen, Windows hashes it and compares the result with the hash stored in the SAM; access is allowed only if they match. So, to recover a password you first need a copy of the SAM file. On Windows 2000 and XP (and NT 4 with SYSKEY enabled) the hashes inside the SAM are additionally encrypted with a boot key derived from the SYSTEM hive (%SystemRoot%\system32\config\SYSTEM), so copy that file as well; offline tools such as bkhive and samdump2 use the pair to produce the plain hashes.
3. Problems with SAM Files :
There are two problems with recovering passwords from SAM files :
a. The SAM file is locked for as long as Windows is running, so it cannot be copied from within an active Windows session. You have to boot the machine from another operating system (NTFSDOS or a Linux live CD, usually) and then copy the SAM file (and the SYSTEM hive) to a floppy or another convenient external device.
b. Even with a copy of the SAM file you cannot read the passwords in plain text, because the file holds only one-way hashes. You have to recover (actually crack) the passwords by guessing, using either a dictionary attack or a brute-force attack.
b.1 : Dictionary attack :
This attack is much faster than brute force. A wordlist is given to the cracking tool; every word in the list is hashed and compared with the stored hash, and a word is returned as the password if its hash matches. Although this sounds unconvincing, in practice it is found to recover around 80% of passwords, because people choose dictionary words, names and simple variations of them. The only thing you need is a good wordlist, which can be found with a Google search.
b.2 : Bruteforce attack :
In this attack every combination of letters, digits and special symbols is tried: the tool enumerates every character combination for every position until it finds one whose hash matches the stored hash. Given enough time this method always succeeds, but the time grows exponentially with password length. It is practical against LM hashes, because each 7-character upper-case half can be attacked independently, while a long, mixed-character NT-hashed password is out of reach by pure brute force.
These password recovery attacks are implemented by Lophtcrack and John The Ripper (JTR). Both tools support both kinds of attack: in John The Ripper the dictionary attack is the wordlist mode and the brute-force attack is the incremental mode (there is also a single-crack mode that builds guesses from the account name). Lophtcrack is often preferred by Windows users for its graphical interface, not because JTR is limited to dictionary attacks.
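As an added example (not code from the original article, nor from Lophtcrack or John The Ripper), the following Python reproduces what the cracking tools do for the NT hash: it computes MD4 over the UTF-16LE password exactly as Windows does, then runs the dictionary attack of b.1 and the brute-force attack of b.2 against sample hashes. MD4 is implemented inline because many current OpenSSL builds no longer expose it through hashlib. The wordlist, the account names and the three-character "guest" password are constructed for the demonstration; the "administrator" hash is the well-known NT hash of the word "password". The LM hash is not shown because it would need a DES implementation.

```python
# Added example: NT hash (MD4 over UTF-16LE) plus dictionary and brute-force
# cracking, as the tools described in the article do it. Not the article's code.
import itertools
import struct

MASK = 0xFFFFFFFF


def _rotl(x, n):
    return ((x << n) | (x >> (32 - n))) & MASK


def md4(data: bytes) -> bytes:
    """MD4 digest per RFC 1320 (pure Python; hashlib may lack MD4)."""
    msg = bytearray(data) + b"\x80"
    msg += b"\x00" * ((56 - len(msg) % 64) % 64)
    msg += struct.pack("<Q", len(data) * 8)          # bit length, little-endian
    h = [0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476]
    # Per-round message-word order, rotation amounts and additive constants.
    order = (tuple(range(16)),
             (0, 4, 8, 12, 1, 5, 9, 13, 2, 6, 10, 14, 3, 7, 11, 15),
             (0, 8, 4, 12, 2, 10, 6, 14, 1, 9, 5, 13, 3, 11, 7, 15))
    shifts = ((3, 7, 11, 19), (3, 5, 9, 13), (3, 9, 11, 15))
    consts = (0, 0x5A827999, 0x6ED9EBA1)
    for off in range(0, len(msg), 64):
        X = struct.unpack("<16I", msg[off:off + 64])
        a, b, c, d = h
        for i in range(48):
            r, j = divmod(i, 16)
            if r == 0:
                f = (b & c) | (~b & d)
            elif r == 1:
                f = (b & c) | (b & d) | (c & d)
            else:
                f = b ^ c ^ d
            a = _rotl((a + f + X[order[r][j]] + consts[r]) & MASK, shifts[r][j % 4])
            a, b, c, d = d, a, b, c
        h = [(x + y) & MASK for x, y in zip(h, (a, b, c, d))]
    return struct.pack("<4I", *h)


def nt_hash(password: str) -> str:
    """NT hash as stored in the SAM: MD4 of the UTF-16LE password, no salt."""
    return md4(password.encode("utf-16-le")).hex()


def dictionary_attack(target_hash: str, wordlist):
    """b.1: hash each wordlist entry and compare with the stored hash."""
    target = target_hash.lower()
    for word in wordlist:
        if nt_hash(word) == target:
            return word
    return None


def brute_force(target_hash: str, alphabet: str, max_len: int):
    """b.2: try every combination of `alphabet` up to max_len characters."""
    target = target_hash.lower()
    for length in range(1, max_len + 1):
        for combo in itertools.product(alphabet, repeat=length):
            candidate = "".join(combo)
            if nt_hash(candidate) == target:
                return candidate
    return None


# Constructed sample data: a tiny wordlist and two SAM-style "user: hash" pairs.
# The administrator value is the well-known NT hash of "password"; the guest
# password "c1b" is made up so that the dictionary attack misses it.
WORDLIST = ["123456", "letmein", "password", "qwerty", "Summer2009"]
SAMPLE_HASHES = {
    "administrator": "8846f7eaee8fb117ad06bdd830b7586c",
    "guest": nt_hash("c1b"),
}

if __name__ == "__main__":
    for user, h in SAMPLE_HASHES.items():
        found = dictionary_attack(h, WORDLIST)
        if found is None:                       # fall back to brute force
            found = brute_force(h, "abc123", 3)
        print(f"{user}: {h} -> {found!r}")
```

The dictionary attack finds "password" for the administrator after three hashes; the guest password is not in the list and falls back to the brute-force search, which succeeds only because the alphabet and length are tiny. Against a real NT hash of a long mixed-character password the same loop would run for longer than is practical, which is why the LM hash, with its independent 7-character halves, is the usual target.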
In my next articles I will show how to run these brute-force and dictionary attacks to perform Windows password recovery. I have also covered the use of Lophtcrack and JTR in my article LC5 for windows password recovery. This article is deliberately kept simple to cover the basics; if anything in it is unclear, please mention it in the comments.
Enjoy windows password recovery from SAM File...