James Kelly wrote: > I may be wrong in this, but im pretty sure from previous "exercises" > that you can't copy the sam data when windows is running. It can be > accessed however, when you have admin writes. Which gives LC4 access > to the data, and as far as the technet claim, I have seen in my own > personal experience, LC4 get passwords in minutes. If it does have to > bruteforce, this takes considerably longer...
Ah, yes, sorry about that. The SAM is indeed locked while Windows is running because it is in use. However, the hashes can be dumped by a tool such as pwdump or such, and LC4 (and previous versions) also allowed the SAM information to be extracted. How, I don't know. Again, sorry, just a memory lapse. Been a while since I needed to grab the SAM out of a 2k environment... (although this holds true for XP as well, being locked while Windows is up...whatever) Pez Mohr [EMAIL PROTECTED] PGP Key: http://tinyurl.com/3rmk Fingerprint: 35F0 4088 BCA3 457C FDE4 3ABC 4E02 1AD7 9EBE 09FE
