Where Does Windows Xp Store Its Passwords ?

Is thre a file where password information is kept in windows XP? If so what is it's name and where is it located?

Edited August 3, 2005 by microscopic^earthling (see edit history)

Yes. The files are "C:\WINDOWS\system32\config\SAM" and "C:\WINDOWS\system32\config\SYSTEM" (suppose you installed your Windows under C:\WINDOWS).

WindowsXP doesnt actually store passwords, it uses a destructive algorithm called MD4 to create a hash ( a fingerprint ) or the passwords ( in the files reported by BabyTux ).So you cant just read them. However they can easily be brute forced, WindowsXP converts all login passwords to UpperCase before hashing (which is pretty stupid, it halfs the securety)Make sure your passwords are 7 character or longer, and are not made up of dictionary words.

The password hashes are in binary format and will not do you much good to just read them. Go get L0phtCrack from http://forums.xisto.com/no_longer_exists/ to be able dump the password hashes and run a simple dictionary attack on the hashes. Another method involves a time/memory trade-off called rainbow tables. See RainbowCrack at http://www.antsight.com/zsl/rainbowcrack/. This does take some effort as the tables take a large amount of disk space (about 20-30 Gb for alphanumeric, some special characters) and you will have to go through the trouble of downloading them. I found a nice fast source on Bit Torrent and had them in a matter of a few days.

If you are just fishing for information also grab Cain and Able at http://www.oxid.it/cain.html. Windows has its own secret storage area that saves such things as dial-up passwords and IE saved passwords. It might be worth a shot to see if anything is in the secrets. The secrets are not well protected and you can dump them without any waiting or cracking.

More information can be found on this subject at http://forums.xisto.com/no_longer_exists/

Respected SIr,My query is that When we create password like in file (.Doc,.Exl),IE,Administrator etc. That are stored any perticular path in window. But I don't know. Could you help How to crack password without using any software.RegardsAlok-Alok

Respected SIr,
My query is that When we create password like in file (.Doc,.Exl),IE,Administrator etc. That are stored any perticular path in window. But I don't know. Could you help How to crack password without using any software.
Regards
Alok
-Alok

Two things Alok.
1) Your question is not fully clear, probably. I'm pretty sure that if you crete a password-protected .doc or .xls file, the password protection is inside the file.
2) password cracking is against our rules. Here we talk only about fully legit items. If an admin put a password on a file, you have to ask the admin to give you the password. If this file was yours and you forgot your own password, too bad, next time you will remember it. But teaching crackig techniques will never be allowed here.

Windows XP "Remembered" passwords

Where Does Windows Xp Store Its Passwords ?

 

Using Norton Password Manager, I can delete 'remembered" passwords used for websites, programs, etc. How can I un-remember a password "remembered" by XP? Often when I go to a new website that requires a password, Norton Pass/mgr pops up and asks if I want it to remember the password I just entered. Sometimes XP or Internet Explorer, not sure which has its own popup asking the same thing. I usually ignor the XP popup but now I want to unremember a password that XP has stored somewhere and delete it. Any ideas?

 

-question by Dennis

XP also uses Passport.NET to store remembered passwords, whether this is what is being remembered or not, I don't know, but if you go into Users Account in Control Panel you can remove stored passwords from there.Cheers,MC

Another method involves a time/memory trade-off called rainbow tables. See RainbowCrack at http://www.antsight.com/zsl/rainbowcrack/. This does take some effort as the tables take a large amount of disk space (about 20-30 Gb for alphanumeric, some special characters) and you will have to go through the trouble of downloading them. I found a nice fast source on Bit Torrent and had them in a matter of a few days.

You can actually generate your own rainbow tables, specifying what characters, numbers, symbols that you want to include. This would mean you don't actually have to download the rainbow tables.

XP Passwords

Where Does Windows Xp Store Its Passwords ?

 

Replying to BabyTux

 

If I delete the contents in the files you have mentioned, can I break the windows xp passwords ?

 

-reply by Eranga

Copying the SAM and SYSTEM

Where Does Windows Xp Store Its Passwords ?

 

How can I copy the SAM and SYSTEM files in

C:WINDOWSsystem32configSAM" and "C:WINDOWSsystem32configSYSTEM

 

It says being used by another program, and wont let me copy it. Any ideas?

 

 

Cain & Able is a great program but the brute force attack takes a while

 

Thanks

 

 

-question by nightmagic

Replying to iGuestYou need to use windows XP Recovery Console to copy SAM, SYSTEM in Config File. Process : Boot from windows xp disk, There will be an option press are to goto Recovery Console.If you don't want to boot from disk then use the second process written:1: when you reached your desktop main screen.2: put windows xp disk3: goto Start -> Run , use the following commandD:i386winnt32.Exe /cmdcons (here d means your cd drive letter which may be different in your computer)4: Restart your computer. Now you will get 2 options either to start your windows XP or start Recovery Console.5: In order to use Recovery Console you require By default Administrator Password, if you have no password then just press enter when it ask for password.6: there you can copy SAM, SYSTEM from Windows/Repair directory to Config directory7: Windows/Repair directory contains SAM,SYSTEM,SOFTWARE,SECURITY which was created at the time of windows XP installation.-reply by Dalvin

where does the password stored in windows xp?Where Does Windows Xp Store Its Passwords ?

I have ox windows xp and the user acount has password where all the files are stored here.  I installed  the hard disk in the other computer and set it as slave.  now, my files stored in the slave haddisk wasn't access because it was protected by a user account password.  how do I access this folder?

How to copy SAM file with usb to ide cableWhere Does Windows Xp Store Its Passwords ?

Ok guys, you appear to be the experts so I have a question for you. I have a computer I cannot acces because I have no login to it. I can however take the computer's harddrive out and access it with a usb to ide cable and view the contents of the drive from another computer. Since the SAM file I'm attempting to copy isn't actually the one that windows is using currently (because I'm just accessing the harddrive via usb and its not actually booted up to THAT installation of windows) can I copy the sam files to hack later? Or will I still have to use a linux boot program because my laptop is running windows still.

To be clear, and revamp I took the harddrive OUT of the computer it was in, and am trying to access the files on it from a different computer, but the different computer is running windows.

Normally I would just copy and paste the files but it won't let me because they are set to private so it will only let the administrator of THAT coputer they were taken from copy them, it says access denied. But the windows folder isnt set to private so I was wondering if I could copy the sam files.

I know this makes no sense. Sorry. Does anyone have any answers? 

-reply by SlickWilly

 

Kind of solutionWhere Does Windows Xp Store Its Passwords ?

Hi Guys,

This is something that I usually apply since I work with very "sensitive" systems. When I want to do something that eventually would make a damage, my first step is to create a GHOST IMAGE of that drive, so I have a backup just in case. OK, what I have noticed is that GHOST has a "GHOST EXPLORER" so you can browse files upon the image without any permission control! just copy any file you want to wherever you may locate it. Then, you can copy SAM file, edit it, and copy it back into the image (If you are going to edit the image, so you may want to have 2 images: the one for edition and the original one lol). I hope this works

Best regards, Jorge.

-reply by Jorge