1) Well, the easiest way to do this is to boot your target machine to an
alternate OS like NTFSDOS or Linux and just copy the SAM from the
%systemroot%\system32\config folder. It's quick, it's easy, and it's
effective. You can get a copy of NTFSDOS from Sysinternals
(http://www.sysinternals.com). The regular version of NTFSDOS is freeware,
which is always nice, but it only allows read-only access. This should be
fine for what you want to do. However, if you're the kind of person who just
has to have total control and has some money to burn, NTFSDOS Pro, which is
also by Sysinternals, has read/write access, but it'll cost you $299.
2) You can also get password hashes by using pwdump2 (Google it to get the
software, or search at openwall.com). pwdump uses DLL injection in order to
use the system account to view and get the password hashes stored in the
registry. It then obtains the hashes from the registry and stores them in a
handy little text file that you can then paste into a password cracking
utility like l0phtcrack or John the Ripper (the Linux-based version works
well); Cain and Abel can also be used.
3) Import the hashes directly from l0phtcrack and let it recover the
passwords by cracking.