Sam file doesn't contain all users

General technological topics without their own forum go here

Sam file doesn't contain all users

Post by DetectiveInspectorMe on Tue Jul 30, 2013 9:05 pm
([msg=76689]see Sam file doesn't contain all users[/msg])

I have a laptop given to me by my school, and on it i have a user account that is part of the school network. But i can log in to the computer even when its not connected to the network. So it stands to reason that the password hash is stored on the computer. I have booted it into ubuntu and cracked the sam file using ophcrack, but my user account isn't there. so where is the password hash of my account stored on the computer?
DetectiveInspectorMe
New User
New User
 
Posts: 2
Joined: Wed Jul 24, 2013 5:52 am
Blog: View Blog (0)


Re: Sam file doesn't contain all users

Post by Acidiferous on Wed Jul 31, 2013 7:04 am
([msg=76701]see Re: Sam file doesn't contain all users[/msg])

Hey,

I have a laptop given to me by my school, and on it i have a user account that is part of the school network. But i can log in to the computer even when its not connected to the network. So it stands to reason that the password hash is stored on the computer. I have booted it into ubuntu and cracked the sam file using ophcrack, but my user account isn't there. so where is the password hash of my account stored on the computer?


This indicates that the computer is part of a windows domain. The SAM database is used for local accounts.

Cached domain credentials are stored under: HKEY_LOCAL_MACHINE\SECURITY\Cache
This path is hidden for everyone else than SYSTEM.

You can run regedit as system by using PsExec: http://technet.microsoft.com/en-us/sysi ... s/bb897553
Code: Select all
psexec -d -i -s regedit


By default windows will cache the last ten credentials, they will be listet as 'NL$1' and so forth.

You should take a look at this: http://technet.microsoft.com/en-us/libr ... 10%29.aspx
This: http://support.microsoft.com/kb/172931
And google ;)
Acidiferous
Experienced User
Experienced User
 
Posts: 61
Joined: Tue Mar 29, 2011 9:49 am
Location: Europe
Blog: View Blog (0)


Re: Sam file doesn't contain all users

Post by limdis on Thu Aug 01, 2013 7:34 am
([msg=76712]see Re: Sam file doesn't contain all users[/msg])

Acidiferous +1
"The quieter you become, the more you are able to hear..."
"Drink all the booze, hack all the things."
User avatar
limdis
Moderator
Moderator
 
Posts: 1167
Joined: Mon Jun 28, 2010 5:45 pm
Blog: View Blog (0)


Re: Sam file doesn't contain all users

Post by DetectiveInspectorMe on Thu Aug 01, 2013 9:17 pm
([msg=76725]see Re: Sam file doesn't contain all users[/msg])

awesome, thanks.
Would it be possible to use Pstools to message or shutdown remote computers, or create new accounts on the network? I've been exploring the programs but whenever i try anything on my home network it says access denied.

EDIT: ok i did some more reading, and i think its not working on the home network because we don't have printer or file sharing enabled.
but i do know that there is a local admin account on all the school laptops, so if i could obtain the password for that account, and if the password was the same for all of the school laptops, then i could shutdown other laptops remotely, right?
DetectiveInspectorMe
New User
New User
 
Posts: 2
Joined: Wed Jul 24, 2013 5:52 am
Blog: View Blog (0)



Return to General

Who is online

Users browsing this forum: No registered users and 0 guests