RE: Unwanted programs on Win2K

[James Kelly <jim () essistants com>]

Just for your info, there is a thing such as .SAM files, MS office uses
them extensively, what they do for office I don't know.  Also
lmhosts.sam is located in the system32\drivers folder.  As you probably
know its just the sample lmhosts file.  But in the sense you were
talking about, your correct.

Jim

-----Original Message-----
From: H C [mailto:keydet89 () yahoo com] 
Sent: Wednesday, February 05, 2003 10:01 AM
To: security-basics () securityfocus com
Subject: RE: Unwanted programs on Win2K

Gedi,

For the sake of accuracy:

> However, the easiest is to crack the .SAM file.

"Easiest" is relative.  I'd go w/ the Linux bootdisk
and utility to change the password.  

Also, there is no such thing as a ".SAM" file...it's
just "SAM".  

> If your admins are usless you may be lucky and find
a
> backup copy in the repair folder (c:\WINNT\repair)

Denigrating the admins aside, the backup copy of the
SAM is just that...a backup copy.  If the passwords on
the local system are changed, but the repair disk
utility isn't run, the backup will be completely
useless to you.  The backup copy of the SAM isn't
backed up automatically...you have to run the rdisk
utility.

> For this you will need a copy of NTFSDOS (I'm
assuming
> the file system is NTFS)

While this is one way to do it, the Linux bootdisk is
freely available, easy to make, and results in local
Administrator access much quicker than trying to crack
the SAM file that may not even include a current
password.

Just an FYI...

 



__________________________________________________
Do you Yahoo!?
Yahoo! Mail Plus - Powerful. Affordable. Sign up now.
http://mailplus.yahoo.com