From: Tim (tim-pentestsentinelchicken.org)
Date: Thu Jul 09 2009 - 16:30:11 CDT

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

> Looking for a reference that describes the format of the windows SAM
> file. From what I can tell, the first column is the username and third
> column is the password hash, but I want to know what information is
> contained in the other columns. Google searches on "format windows SAM
> file", "understand windows SAM file", and other related searches have
> proved frustrating. I should mention that the SAM file was obtained
> using pwdump6 in case that is relevant. The format I am seeing is as
> follows:
>
> Username:number:password hash:another hash?:blank:blank:blank
>
> Any help is much appreciated.

The windows SAM file is a registry hive file. The format you're
seeing above is some export by pwdump6 that is just some made up
format representing a subset of what's in the registry.

The Windows registry hive format is described here:
  http://sentinelchicken.com/research/registry_format/

Also, some of Brendan Dolan-Gavitt's tools and blog
(http://moyix.blogspot.com/) posts may be helpful in figuring out
what's what in SAM hives.

tim

------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]