Location of the Windows 7 password file?

I'm attempting to test the passwords of various user accounts on my
system to find the effectiveness of their passwords. I'm gotten a couple
of utilities here, one called (1) "OPH Crack", and (2) another one
called "Offline NT Password & registry repair". The #2 seems to work but
what it does is it simply deletes the password so you can reset it
later; I don't want that I want to test the strength of the existing
password. But #1 seems to fail, as it can't find the physical location
of the Windows 7 passwords. I've tried the \windows\system32\config
folder, and as well as the Syswow64\config folder, but it's not located
in either place.

Yousuf Khan

On Mon, 21 May 2012 14:32:59 -0400, Yousuf Khan wrote:

> I'm attempting to test the passwords of various user accounts on my
> system to find the effectiveness of their passwords. I'm gotten a couple
> of utilities here, one called (1) "OPH Crack", and (2) another one
> called "Offline NT Password & registry repair". The #2 seems to work but
> what it does is it simply deletes the password so you can reset it
> later; I don't want that I want to test the strength of the existing
> password. But #1 seems to fail, as it can't find the physical location
> of the Windows 7 passwords. I've tried the \windows\system32\config
> folder, and as well as the Syswow64\config folder, but it's not located
> in either place.
>
> Yousuf Khan

If it's like Unix and related systems, Windows stores the passwords in
encrypted form. The password is not recoverable from the encrypted form
(well, that's the hope, anyway).

When a user enters a password, it is encrypted by the same method, and
the result is compared to the stored form. They are supposed to match,
of course.

--
Gene E. Bloch (Stumbling Bloch)

"Yousuf Khan" <> wrote in message news:4fba8a5d$...
> I'm attempting to test the passwords of various user accounts on my
> system to find the effectiveness of their passwords. I'm gotten a couple
> of utilities here, one called (1) "OPH Crack", and (2) another one
> called "Offline NT Password & registry repair". The #2 seems to work but
> what it does is it simply deletes the password so you can reset it
> later; I don't want that I want to test the strength of the existing
> password. But #1 seems to fail, as it can't find the physical location
> of the Windows 7 passwords. I've tried the \windows\system32\config
> folder, and as well as the Syswow64\config folder, but it's not located
> in either place.
>
> Yousuf Khan

If you're running Ophcrack from within Windows then you
have to load the Local SAM file.
Ophcrack > Load > Local SAM with samdump2

Yousuf Khan wrote:
> I'm attempting to test the passwords of various user accounts on my
> system to find the effectiveness of their passwords. I'm gotten a couple
> of utilities here, one called (1) "OPH Crack", and (2) another one
> called "Offline NT Password & registry repair". The #2 seems to work but
> what it does is it simply deletes the password so you can reset it
> later; I don't want that I want to test the strength of the existing
> password. But #1 seems to fail, as it can't find the physical location
> of the Windows 7 passwords. I've tried the \windows\system32\config
> folder, and as well as the Syswow64\config folder, but it's not located
> in either place.
>
> Yousuf Khan

Ophcrack has different LiveCDs. Which one did you use ?

http://ophcrack.sourceforge.net/down...hp?type=livecd

As far as I know, there are also different versions of rainbow tables
for Ophcrack. Depending on whether you include punctuation in the
character set, the table size expands (and the authors want money
for the larger tables). Only the smallest tables download from Sourceforge.
And judging by the larger tables and their descriptions, the scheme seems
to be "running out of steam".

http://ophcrack.sourceforge.net/tables.php

*******

The "Offline" tool probably resets the password, rather than
displaying the actual password. Cracking passwords is only
really necessary, if you're breaking into a system with the
intention of not getting caught. Flattening passwords is good
enough for "breaking into" a system (where the owner is going
to know someone has been in there).

If I needed to "break into" a system, I'd bring a Linux LiveCD,
an external hard drive, boot and just copy the entire computer
to the hard drive. With the right Linux LiveCD, no changes are
made to the file systems, and there should be no (easy) evidence
you've been there. The "power on hours" on the hard drive would
be different. And if you weren't careful, the Linux LiveCD can
change the system clock. There are still some details to get
right, and "practicing" before going on your "mission" would help :-)

*******

If I needed to test Ophcrack, I'd probably load a disk image, and
the LiveCD, into a VM and let it run. That way, you'd be insulated
from an actual system while you "practice".

Paul

Paul wrote:
> Yousuf Khan wrote:
>> I'm attempting to test the passwords of various user accounts on my
>> system to find the effectiveness of their passwords. I'm gotten a
>> couple of utilities here, one called (1) "OPH Crack", and (2) another
>> one called "Offline NT Password & registry repair". The #2 seems to
>> work but what it does is it simply deletes the password so you can
>> reset it later; I don't want that I want to test the strength of the
>> existing password. But #1 seems to fail, as it can't find the physical
>> location of the Windows 7 passwords. I've tried the
>> \windows\system32\config folder, and as well as the Syswow64\config
>> folder, but it's not located in either place.
>>
>> Yousuf Khan
>

Forgot the article on SAM.

http://en.wikipedia.org/wiki/Security_Accounts_Manager

Paul

On Mon, 21 May 2012 16:00:27 -0400, Paul <> wrote:

>Yousuf Khan wrote:
>> I'm attempting to test the passwords of various user accounts on my
>> system to find the effectiveness of their passwords. I'm gotten a couple
>> of utilities here, one called (1) "OPH Crack", and (2) another one
>> called "Offline NT Password & registry repair". The #2 seems to work but
>> what it does is it simply deletes the password so you can reset it
>> later; I don't want that I want to test the strength of the existing
>> password. But #1 seems to fail, as it can't find the physical location
>> of the Windows 7 passwords. I've tried the \windows\system32\config
>> folder, and as well as the Syswow64\config folder, but it's not located
>> in either place.
>>
>
>The "Offline" tool probably resets the password, rather than
>displaying the actual password. Cracking passwords is only
>really necessary, if you're breaking into a system with the
>intention of not getting caught. Flattening passwords is good
>enough for "breaking into" a system (where the owner is going
>to know someone has been in there).

If drive encryption is being used, such as Bitlocker, does flattening
the password make the volume inaccessible? I seem to vaguely remember
something about that but I don't remember what it was.

--

Char Jackson

Char Jackson wrote:
> On Mon, 21 May 2012 16:00:27 -0400, Paul <> wrote:
>
>> Yousuf Khan wrote:
>>> I'm attempting to test the passwords of various user accounts on my
>>> system to find the effectiveness of their passwords. I'm gotten a couple
>>> of utilities here, one called (1) "OPH Crack", and (2) another one
>>> called "Offline NT Password & registry repair". The #2 seems to work but
>>> what it does is it simply deletes the password so you can reset it
>>> later; I don't want that I want to test the strength of the existing
>>> password. But #1 seems to fail, as it can't find the physical location
>>> of the Windows 7 passwords. I've tried the \windows\system32\config
>>> folder, and as well as the Syswow64\config folder, but it's not located
>>> in either place.
>>>
>> The "Offline" tool probably resets the password, rather than
>> displaying the actual password. Cracking passwords is only
>> really necessary, if you're breaking into a system with the
>> intention of not getting caught. Flattening passwords is good
>> enough for "breaking into" a system (where the owner is going
>> to know someone has been in there).
>
> If drive encryption is being used, such as Bitlocker, does flattening
> the password make the volume inaccessible? I seem to vaguely remember
> something about that but I don't remember what it was.
>

That's a good observation, and I don't know the answer. If you have
an emergency recovery disk, I presume that helps with Bitlocker.
As without some form of emergency recovery capability, you'd be
screwed in many situations (even a trivial corruption).

Paul

On 21/05/2012 3:25 PM, Dave-UK wrote:
> If you're running Ophcrack from within Windows then you
> have to load the Local SAM file. Ophcrack > Load > Local SAM with samdump2

Yeah, I've tried that, but it doesn't work in Windows 7, perhaps the
password file is in a different location here?

Yousuf Khan

On 21/05/2012 4:00 PM, Paul wrote:
> Yousuf Khan wrote:
>> I'm attempting to test the passwords of various user accounts on my
>> system to find the effectiveness of their passwords. I'm gotten a
>> couple of utilities here, one called (1) "OPH Crack", and (2) another
>> one called "Offline NT Password & registry repair". The #2 seems to
>> work but what it does is it simply deletes the password so you can
>> reset it later; I don't want that I want to test the strength of the
>> existing password. But #1 seems to fail, as it can't find the physical
>> location of the Windows 7 passwords. I've tried the
>> \windows\system32\config folder, and as well as the Syswow64\config
>> folder, but it's not located in either place.
>>
>> Yousuf Khan
>
> Ophcrack has different LiveCDs. Which one did you use ?
>
> http://ophcrack.sourceforge.net/down...hp?type=livecd

I've tried the Vista/7 CD. I'm also using the version that installs
within Windows.

> The "Offline" tool probably resets the password, rather than
> displaying the actual password. Cracking passwords is only
> really necessary, if you're breaking into a system with the
> intention of not getting caught. Flattening passwords is good
> enough for "breaking into" a system (where the owner is going
> to know someone has been in there).

Well, I'm the owner, and I'll know I've been there no matter how
stealthily I go behind my back.


> If I needed to test Ophcrack, I'd probably load a disk image, and
> the LiveCD, into a VM and let it run. That way, you'd be insulated
> from an actual system while you "practice".

Actually that's an idea, I do have a weekly disk image I make of my
system boot disk.

Yousuf Khan

On 21/05/2012 2:32 PM, Yousuf Khan wrote:
> I'm attempting to test the passwords of various user accounts on my
> system to find the effectiveness of their passwords. I'm gotten a couple
> of utilities here, one called (1) "OPH Crack", and (2) another one
> called "Offline NT Password & registry repair". The #2 seems to work but
> what it does is it simply deletes the password so you can reset it
> later; I don't want that I want to test the strength of the existing
> password. But #1 seems to fail, as it can't find the physical location
> of the Windows 7 passwords. I've tried the \windows\system32\config
> folder, and as well as the Syswow64\config folder, but it's not located
> in either place.
>
> Yousuf Khan

Oh, never mind, I got the Windows-installed version to work, by simply
starting the OPH Cracker with Admin privileges. </smacking head>

Yousuf Khan