how do you retrieve password hashes?
Posted 10 May 2008 - 09:49 AM
Posted 13 May 2008 - 08:59 AM
Posted 29 May 2008 - 03:16 PM
The SAM file is just a text file as far as I know, although Windows won't let you open it while Windows is running.
If you boot from a Linux live CD or similar with NTFS support you could open it up and have a look at it.
Or you could make a copy of the file with the Windows recovery console (there's an option for it when you boot from a WinXP CD).
Of course, you could use one of the programs you mentioned too :-P
Posted 30 May 2008 - 06:35 AM
Posted 12 June 2008 - 01:19 AM
First: the program has to know where the target hash is located (i.e. the SAM file in Windows, as previously mentioned).
Second: you must know what hash method is used to generate said hash file. This can be accomplished with a good (i.e. set the password to "bobyboy" and generate a hash from "bobyboy" using several different algorithms) hour or so of guesswork, or reduced to possibly fruitless reverse engineering if hashes are salted.
Third: generate and check hashes against the target until you get a match (and technically, it's possible to get two!)
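
The point about salting in the post above, shown from the storage side as an added example that is not part of the original thread: hashing a known password under several algorithms reproduces a bare unsalted digest, but not a record built with a per-user random salt and a slow KDF. The function names, the candidate algorithm list, and the choice of PBKDF2-HMAC-SHA256 are assumptions made for illustration.

```python
import hashlib
import hmac
import os

KNOWN_PASSWORD = b"bobyboy"  # the test password used in the post above
CANDIDATE_ALGOS = ("sha1", "sha256", "sha512")  # assumed candidate list


def unsalted_record(password: bytes, algo: str = "sha1") -> str:
    """Weak storage: a bare digest, identical for every user with this password."""
    return hashlib.new(algo, password).hexdigest()


def salted_record(password: bytes, iterations: int = 200_000) -> dict:
    """Stronger storage: per-user random salt plus a slow KDF."""
    salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password, salt, iterations)
    return {"salt": salt.hex(), "iterations": iterations, "hash": dk.hex()}


def verify_salted(password: bytes, record: dict) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    dk = hashlib.pbkdf2_hmac(
        "sha256", password, bytes.fromhex(record["salt"]), record["iterations"]
    )
    return hmac.compare_digest(dk.hex(), record["hash"])


def identify_by_known_password(stored_hex: str, password: bytes = KNOWN_PASSWORD):
    """Hash a known password under each candidate algorithm and return the
    one that reproduces the stored value, or None if none of them do."""
    for algo in CANDIDATE_ALGOS:
        if hmac.compare_digest(hashlib.new(algo, password).hexdigest(), stored_hex):
            return algo
    return None


if __name__ == "__main__":
    weak = unsalted_record(KNOWN_PASSWORD)
    strong_a = salted_record(KNOWN_PASSWORD)
    strong_b = salted_record(KNOWN_PASSWORD)
    print("unsalted scheme recognised as:", identify_by_known_password(weak))
    print("salted scheme recognised as:", identify_by_known_password(strong_a["hash"]))
    print("same password, same stored value:", strong_a["hash"] == strong_b["hash"])
    print("legitimate verification still works:", verify_salted(KNOWN_PASSWORD, strong_a))
```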