Kamran Muzaffer wrote: > Hi Gedi, > > I tried to _crack_ a .SAM file located in c:\WINNT\repair with LC4, > but it only shows Administrator and guest accounts and those are not > the current passwords either. I think windows saves the initial copy > of the password database there. That's the very reason why I think > its not that dangerous to leave that file there ( may be as a backup > ) because if it is so simple to recover all the Windows passwords, > than curing it, would have been the first step in all Win security > manuals.
I heard something in the past about when first installing Windows, it will save a backup copy of the SAM to '%WinDir%\repair'. Whenever you use NTBACKUP, however, if you choose to backup 'System State', then it copies the SAM and puts it in '%WinDir%\repair' (if this is incorrect, please correct me). So if anyone has run NTBACKUP, be sure to head over to the repair directory, and delete the backups contained there. Pez Mohr [EMAIL PROTECTED] PGP Key: http://tinyurl.com/3rmk Fingerprint: 35F0 4088 BCA3 457C FDE4 3ABC 4E02 1AD7 9EBE 09FE
