
Thread: Cracking Windows XP Pro password problem

  1. #1
    Just burned his ISO
    Join Date
    Apr 2008
    Posts
    7

    Cracking Windows XP Pro password problem

    I'm having trouble cracking a Windows XP Pro password. That is because I cannot find the correct account that I am looking to crack. When I use the BackTrack live CD and run bkhive and then samdump2, the usernames that it finds are not the one that I am looking for. I think this is because the username that I am trying to crack is not stored in that SAM file because they do not log into a different domain or workgroup at startup. What I mean by domain or workgroup is the "log on to:" field at the startup screen. There are several different choices in the pull-down menu, one of which is followed by "(this computer)". I think that is the one that I cracked the passwords for. Even though when I put in those usernames and passwords with that login chosen, none worked.

    If anyone has any ideas of how Windows XP Pro works and where the usernames for the different "log on to:" fields are stored, please let me know.

  2. #2
    Senior Member
    Join Date
    Apr 2008
    Posts
    2,008


    As I understand it, you simply have the wrong SAM file. If it is a network login, which you seem to imply with the "log on to", the username and password hash will not be stored on the local computer, unless the admin has this setting enabled. Using the SAM file you currently have, you will therefore be out of luck.
    -Monkeys are like nature's humans.

  3. #3
    Just burned his ISO
    Join Date
    Apr 2008
    Posts
    7


    Quote Originally Posted by =Tron= View Post
    As I understand it, you simply have the wrong SAM file. If it is a network login, which you seem to imply with the "log on to", the username and password hash will not be stored on the local computer, unless the admin has this setting enabled. Using the SAM file you currently have, you will therefore be out of luck.
    I'm almost positive that it has to be stored on the computer somewhere because the user is able to log on to that domain even when the computer is not docked in its network docking station. I was wondering if anyone had any idea where the user information would be stored for different domains in Windows XP Pro edition. Because at WINDOWS/system32/config/ there are only accounts like Aspnet, Client-Admin, and Client-Guest. So if anyone can offer any further advice it would be greatly appreciated.

  4. #4
    Good friend of the forums
    Join Date
    Jan 2010
    Location
    outside chicago, il
    Posts
    442


    Quote Originally Posted by turbulence View Post
    I'm almost positive that it has to be stored on the computer somewhere because the user is able to log on to that domain even when the computer is not docked in its network docking station. I was wondering if anyone had any idea where the user information would be stored for different domains in Windows XP Pro edition. Because at WINDOWS/system32/config/ there are only accounts like Aspnet, Client-Admin, and Client-Guest. So if anyone can offer any further advice it would be greatly appreciated.
    The local SAM (C:\WINDOWS\system32\config\) only contains password information about local user accounts. Domain users' passwords are stored in Active Directory, or the SAM on a domain controller in case it is an NT4 domain.

    What you are talking about is Cached Credentials. When a domain user logs on to a PC, the user's credentials are cached so that in the event that the domain controller goes down, or the network connecting the user to a domain controller goes down, the user can still log in and work using the locally installed applications. I have no idea where the user's password is stored in this case. My best guess is it is somewhere in the user's profile, probably C:\Documents and Settings\username\ntuser.dat, but I don't know for sure.
    I like the bleeding edge, but I don't like blood loss

  5. #5
    My life is this forum thorin's Avatar
    Join Date
    Jan 2010
    Posts
    2,629
    I'm a compulsive post editor, you might wanna wait until my post has been online for 5-10 mins before quoting it as it will likely change.

    I know I seem harsh in some of my replies. SORRY! But if you're doing something illegal or posting something that seems to be obvious BS I'm going to call you on it.

  6. #6
    Good friend of the forums williamc's Avatar
    Join Date
    Feb 2010
    Location
    Chico CA
    Posts
    285

  7. #7
    Just burned his ISO
    Join Date
    Apr 2008
    Posts
    7


    Thank you for the link Thorin, it was very helpful. Who knew they would be cached in the registry?
