|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
From: Pete.LeMay (pete.lemay
whro.org)
Date: Fri Jul 10 2009 - 12:10:06 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
First return on google search of "pwdump file format" returns this structure:
Each string of a PwDump file is compiled in the following format: "UserName:RID:LMhash:NThash:FullName,Description:HomeDirectory:" .
-----Original Message-----
From: listbouncesecurityfocus.com [mailto:listbouncesecurityfocus.com] On Behalf Of Ron
Sent: Thursday, July 09, 2009 4:06 PM
To: Hernandez IV, Miguel
Cc: pen-testsecurityfocus.com
Subject: Re: Format of SAM File
Hernandez IV, Miguel wrote:
> All,
>
> Looking for a reference that describes the format of the windows SAM
> file. From what I can tell, the first column is the username and third
> column is the password hash, but I want to know what information is
> contained in the other columns. Google searches on "format windows SAM
> file", "understand windows SAM file", and other related searches have
> proved frustrating. I should mention that the SAM file was obtained
> using pwdump6 in case that is relevant. The format I am seeing is as
> follows:
>
> Username:number:password hash:another hash?:blank:blank:blank
>
> Any help is much appreciated.
>
> Miguel
Hi Miguel,
There's no "standard" format, but the format that's most often used (by
pwdump and fgdump, for example) is:
username:rid:lanman:ntlm:::
rid is basically the user id on the system -- 500 = admin, 501 = guest,
1000+ = standard users.
lanman and ntlm are two different types of hashes -- lanman is weak,
ntlm is reasonable.
I'm not sure what, if anything the last three spots are.
Hope that helps!
Ron
------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board
Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.
http://www.iacertification.org
------------------------------------------------------------------------
------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board
Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.
http://www.iacertification.org
------------------------------------------------------------------------
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]