Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Wed, 15 Mar 2006 17:20:14 +0100 (CET)
Subject: Re: john the ripper output

> guyzz.. i am a new user to list, so a big hi to all.. i have been reading
> all the mails since long. well guyz need to ask u something.. I have got a
> SAM file with me.. and i wanna crack pass outta that..
> i know it is a noobie woobie question for u, but for me that would be an
> achievment.. i have download the binary pack from and
> extracted it, there by i got two folders RUN and DOC, ofcourse i went to
> command line and tried using switches with the john-386.exe but was not
> able
> to get anythin useful..
> Simply guide me what do i do with this JOHN if i want to get the  pass
> outta
> this SAM file.. it includes syskey hashes also as i got that SAM file from
> some service pack2 machine..
> thanks & regards
> Realin !

To break the syskey you need the "syskey".
Windows stores it (per default) in a file called "system".

You`ll be able to decrypt the syskey with these lines (wich are a bad hack
imho but it works):


I thought about "recoding" it to improve the quality and submit a "unsam"
tool for john (like unshadow) but I didn`t had the time yet.

You may need to modify it (depends to ya gcc version).

If you decrypted the SAM file (removing the syskey) you should be able to
dump the passwords easily with pwdump2 or something like this.
I thought about including this function also in the "unsam"-tool but as I
said: I had no time yet :-/

Kind regards,

Download attachment "bkhive.tar.gz" of type "application/gzip" (2488 bytes)

Powered by blists - more mailing lists

Your e-mail address:

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.