Results 1 to 10 of 10
  1. #1
    Silver Lounger
    Join Date
    Jan 2001
    Location
    Long Beach, California, USA
    Posts
    1,912
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Bruce - SamDump (Win2K/XP)

    This is a Command line utility -- taken from LOphtCrack -- that reportedly 'dumps' your SAM passwords. (Meaning it displays them, not deletes them). Obviously, only for Win2K/XP. I would be interested in seeing if it works -- perhaps it could have been useful in determining the strange password problems in the past...
    Attached Files Attached Files

  2. #2
    Gold Lounger
    Join Date
    Feb 2003
    Location
    Wardrobe Malfunction Junction, Derry
    Posts
    2,953
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: Bruce - SamDump (Win2K/XP)

    I unzipped/downloaded and got the exe. When I click it, I get a flash of a dos prompt for a fraction of a second. Is their a step to downloading this so I can try it, R2? I have the exe in my unzipped foler and the zip in downloads, but that's as far as I can get with it.

    Thanks,

    SMBP

  3. #3
    Uranium Lounger
    Join Date
    Jan 2001
    Location
    Cincinnati, Ohio, USA
    Posts
    7,089
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: Bruce - SamDump (Win2K/XP)

    Ummm...you gotta run it from the command line, and specify the name of the SAM file you want it to look at. If you don't it just pops up the syntax in a command window and closes it right after that.
    -Mark

  4. #4
    Uranium Lounger
    Join Date
    Jan 2001
    Location
    Cincinnati, Ohio, USA
    Posts
    7,089
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: Bruce - SamDump (Win2K/XP)

    It does indeed work, and parses out the user accounts on the system - along with their descriptions. But it doesn't display the passwords in plain text, instead spewing out what appears to be a long hex string. I wasn't able to decode it with a hex editor into anything meaningful. I was relieved to see that, because if my password could be parsed that easily I'd be quite worried.

    This also requires access to the SAM database, which you can't open while the system is running, and thus I would think it would mean you'd need access to the console. I'm leery of such things because of the potential for malicious use, but this seems more of a system administrator's tool than anything else.
    -Mark

  5. #5
    Super Moderator jscher2000's Avatar
    Join Date
    Feb 2001
    Location
    Silicon Valley, USA
    Posts
    23,112
    Thanks
    5
    Thanked 93 Times in 89 Posts

    Re: Bruce - SamDump (Win2K/XP)

    I think if you have disabled lower-security LANMAN passwords, the cracking tool has more difficulty. Also, our antivirus software attacks as soon as you try to run it. <img src=/S/smile.gif border=0 alt=smile width=15 height=15>

  6. #6
    Uranium Lounger
    Join Date
    Jan 2001
    Location
    Cincinnati, Ohio, USA
    Posts
    7,089
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: Bruce - SamDump (Win2K/XP)

    Natch. NAV took a dive on me a few days ago and refuses to uninstall or reinstall. What AV software did you test with Jefferson?
    -Mark

  7. #7
    Super Moderator jscher2000's Avatar
    Join Date
    Feb 2001
    Location
    Silicon Valley, USA
    Posts
    23,112
    Thanks
    5
    Thanked 93 Times in 89 Posts

    Re: Bruce - SamDump (Win2K/XP)

    Actually, I haven't tested myself, but I've seen it in the Firm's logs. We run Trend Micro OfficeScan; I suspect PC-Cillin uses the same pattern file and also would try to quarantine or rename the executable.

  8. #8
    Silver Lounger
    Join Date
    Jan 2001
    Location
    Long Beach, California, USA
    Posts
    1,912
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: Bruce - SamDump (Win2K/XP)

    Thanks for looking into this. Perhaps the entire program is able to give out the passwords in a readable fashion. In case you are interested:

    LC4: Download

  9. #9
    Gold Lounger
    Join Date
    Feb 2003
    Location
    Wardrobe Malfunction Junction, Derry
    Posts
    2,953
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: Bruce - SamDump (Win2K/XP)

    Mark--

    Not sure what caused your Norton problem, but as you have probably seen there are uninstalls from the registry in a string of Norton KB's that can have you deleting entries for a long time--if I remember you have System Works. I had a box pop up saying "you aren't the Norton administrator" problem that Symantec says was a rare Windows Explorer in XP conflict and it wouldn't let me uninstall from Add/Remove or from Norton's Program entry for System Works, and after getting it from the registry I got all of System Works and NIS in except for NAV (Version 8.07) which refused to install, and had to copy it to the hard drive from the System Works folder in Explorer.

    I have found that the "Solutions" steps listed in this "Auto Protect Disabled" doc (although aimed at a specific error) are common to and used in several of the 'problems uninstalling NAV' KB's and one are all of them (updating symyvent drivers, and at the bottom of this sheet under "Windows XP" going to C:Program FilesCommon FilesSymantec Shared folder and deleting "Virus Defs") got NSW with NAV uninstalled and reinstalled intact in the three situations where NAV needed uninstalling to fix it whatever other Norton KB's were attached to those errors. Reinstalling IE listed has never been necessary for me. Updating Symyvent Files also can help with uninstalling and Uninstalling NSW in Windows XP--and the "Instant Wireless Utility" in a Linksys network can get in the way of a Norton uninstall.

    SMBP

  10. #10
    WS Lounge VIP rory's Avatar
    Join Date
    Dec 2000
    Location
    Burwash, East Sussex, United Kingdom
    Posts
    6,280
    Thanks
    3
    Thanked 191 Times in 177 Posts

    Re: Bruce - SamDump (Win2K/XP)

    Hi,
    Yes it will show you passwords in readable fashion - I have used it to audit network passwords in the past. To do that of course you need to be an admin anyway to get the SAM from the Domain Controller. It can be quite alarming if/when you see that almost all the passwords in use on your network are cracked in about 3 seconds flat! <img src=/S/doh.gif border=0 alt=doh width=15 height=15>
    Regards,
    Rory

    Microsoft MVP - Excel

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •