Is thre a file where password information is kept in windows XP? If so what is it's name and where is it located?

This post has been edited by microscopic^earthling: Aug 3 2005, 04:36 PM

Yes. The files are "C:\WINDOWS\system32\config\SAM" and "C:\WINDOWS\system32\config\SYSTEM" (suppose you installed your Windows under C:\WINDOWS).

WindowsXP doesnt actually store passwords, it uses a destructive algorithm called MD4 to create a hash ( a fingerprint ) or the passwords ( in the files reported by BabyTux ).

So you cant just read them. However they can easily be brute forced, WindowsXP converts all login passwords to UpperCase before hashing (which is pretty stupid, it halfs the securety)

Make sure your passwords are 7 character or longer, and are not made up of dictionary words.

The password hashes are in binary format and will not do you much good to just read them. Go get L0phtCrack from http://www.atstake.com/ to be able dump the password hashes and run a simple dictionary attack on the hashes. Another method involves a time/memory trade-off called rainbow tables. See RainbowCrack at http://www.antsight.com/zsl/rainbowcrack/. This does take some effort as the tables take a large amount of disk space (about 20-30 Gb for alphanumeric, some special characters) and you will have to go through the trouble of downloading them. I found a nice fast source on Bit Torrent and had them in a matter of a few days.

If you are just fishing for information also grab Cain and Able at www.oxid.it/cain.html. Windows has its own secret storage area that saves such things as dial-up passwords and IE saved passwords. It might be worth a shot to see if anything is in the secrets. The secrets are not well protected and you can dump them without any waiting or cracking.

More information can be found on this subject at http://www.windowsecurity.com/articles/Pro...-Passwords.html

Respected SIr,

My query is that When we create password like in file (.Doc,.Exl),IE,Administrator etc. That are stored any perticular path in window. But I don't know. Could you help How to crack password without using any software.


Regards
Alok


-Alok

Two things Alok.
1) Your question is not fully clear, probably. I'm pretty sure that if you crete a password-protected .doc or .xls file, the password protection is inside the file.
2) password cracking is against our rules. Here we talk only about fully legit items. If an admin put a password on a file, you have to ask the admin to give you the password. If this file was yours and you forgot your own password, too bad, next time you will remember it. But teaching crackig techniques will never be allowed here.

Windows XP \\\"Remembered\\\" passwords
Where Does Windows Xp Store Its Passwords ?

Using Norton Password Manager, I can delete 'remembered" passwords used for websites, programs, etc. How can I un-remember a password "remembered" by XP? Often when I go to a new website that requires a password, Norton Pass/mgr pops up and asks if I want it to remember the password I just entered. Sometimes XP or Internet Explorer, not sure which has its own popup asking the same thing. I usually ignor the XP popup but now I want to unremember a password that XP has stored somewhere and delete it. Any ideas?

-question by Dennis

XP also uses Passport.NET to store remembered passwords, whether this is what is being remembered or not, I don't know, but if you go into Users Account in Control Panel you can remove stored passwords from there.

Cheers,

MC

You can actually generate your own rainbow tables, specifying what characters, numbers, symbols that you want to include. This would mean you don't actually have to download the rainbow tables.

Copying the SAM and SYSTEM
Where Does Windows Xp Store Its Passwords ?

How can I copy the SAM and SYSTEM files in
C:\WINDOWS\system32\config\SAM" and "C:\WINDOWS\system32\config\SYSTEM

It says being used by another program, and wont let me copy it. Any ideas?


Cain & Able is a great program but the brute force attack takes a while

Thanks


-question by nightmagic