
Re: Win NT proprietary pw encryption (Was: Re: Windows .PWL cracker...)



Futplex wrote:
> someone quoted:
> Microsoft Knowledge Base article Q102716 says:
> > Storage of the Passwords in the SAM Database
> [...]
> > The second encryption is decryptable by anyone who has access to the
> > double-encrypted password, the user's RID, and the algorithm. The second
> > encryption is used for obfuscation purposes.
> 
> Anyone feel like putting together some sample plaintext/ciphertext pairs ?

This will be really difficult, and in practice rather pointless.  NT does
not allow any user, privileged or not, to gain access to any form (encrypted
or not) of the passwords.  They are stored in a protected area of the system
registry that only the OS itself can access.  The best that you can do is
to ask the OS whether a given username/password pair is valid or not, and it
took until version 3.51 before MS let you do even that!

Of course, rebooting the PC and inspecting the disk with another OS is not
an answer since in any decent environment you will not be able to march up
to the server with a floppy and hit the reset button!


- Andy
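The KB text quoted above makes a general point worth seeing in code: an "encryption" whose key is derived only from a public identifier such as the RID is reversible by anyone holding the ciphertext, the identifier and the algorithm, so it hides nothing once the stored record is in hand. The Python below is an added illustration, not part of this thread and not Microsoft's SAM algorithm; the XOR-keystream scheme, the 16-byte sample hash and the RID value are all constructed for the example. It places that toy obfuscation beside a salted one-way derivation (PBKDF2) that can only be checked against a candidate password, which is the sort of yes/no check Andy describes as the only interface the OS offers.

```python
import hashlib
import hmac
import os

# Constructed sample: a 16-byte value standing in for a stored password hash,
# and a RID-like numeric identifier. Neither comes from a real system.
SAMPLE_HASH = bytes.fromhex("00112233445566778899aabbccddeeff")
SAMPLE_RID = 1000


def _rid_keystream(rid, length):
    """Toy keystream derived solely from the public RID (constructed scheme)."""
    return hashlib.sha256(rid.to_bytes(4, "little")).digest()[:length]


def obfuscate(hash_bytes, rid):
    """'Second encryption' in the KB sense: key material comes only from the RID."""
    ks = _rid_keystream(rid, len(hash_bytes))
    return bytes(a ^ b for a, b in zip(hash_bytes, ks))


def deobfuscate(cipher_bytes, rid):
    """Anyone with ciphertext + RID + algorithm recovers the hash; XOR inverts itself."""
    return obfuscate(cipher_bytes, rid)


def one_way_store(password, salt=None, iterations=100_000):
    """Salted one-way derivation: the stored value cannot be inverted to the password."""
    if salt is None:
        salt = os.urandom(16)
    derived = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return salt, derived


def verify_password(password, salt, stored, iterations=100_000):
    """The only operation the verifier exposes: is this candidate password correct?"""
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return hmac.compare_digest(candidate, stored)


if __name__ == "__main__":
    ct = obfuscate(SAMPLE_HASH, SAMPLE_RID)
    print("obfuscated :", ct.hex())
    print("recovered  :", deobfuscate(ct, SAMPLE_RID).hex())  # equals SAMPLE_HASH
    salt, stored = one_way_store("correct horse")
    print("verify ok  :", verify_password("correct horse", salt, stored))
    print("verify bad :", verify_password("wrong guess", salt, stored))
```

The contrast is the whole lesson: `deobfuscate` needs no secret, so storing `obfuscate(...)` output is equivalent to storing the hash in the clear against anyone who can read the record; `one_way_store` output is useful only through `verify_password`, which needs the password itself.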