How to access the SAM file in Windows 10

linux windows password-recovery
35,764

The SAM hive still exists in Windows 10, and it's in the same place. For local non-Microsoft accounts, the format does not appear to have changed; the NTLM hash is still the 16 bytes before the last 8 bytes of the V value.

For accounts that sign in with a Microsoft account password, the CachedLogonInfo value contains the cached password (source). Unfortunately, it's not just an NTLM hash, so normal Windows hash cracking tools won't work on it. If that page is correct and the algorithm is indeed much stronger - which would make sense, since it would be very bad if an MS account password could be retrieved from a workstation - then cracking it would take an extremely long time considering the complexity requirements Microsoft puts in place.

Share:
35,764

Related videos on Youtube

Joe
Author by

Joe

I am an all around tech enthusiast with a passion for security.

Updated on September 18, 2022

Comments

  • Joe
    Joe almost 2 years

    In the past I have cracked Windows passwords with a Live Linux disk and navigating to the SAM file. In windows 10 it seems this information is stored on the cloud. Is there a way to find this locally on the machine?

  • Joe
    Joe over 7 years
    Thanks for the source it was great and mostly what I was looking for. I possibly should have rephrased my question. Instead of cracking if I were to just delete the cached credentials would it unlock the system?
  • Ben N
    Ben N over 7 years
    @Joe I suspect that there's some other bookkeeping that identifies it as a Microsoft account. If you just need to get into the machine, you might use something like this approach to create a new administrative user.
  • Joe
    Joe over 7 years
    Thanks again. I have seen that method before definitely a neat trick.

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

Recovering a Windows 10 password when the partition is read-only
Flutter Desktop: how to hide a window (and keep the process alive)?
Flutter release to linux
Is it possible to write Windows/Linux/MacOS-specific code in Flutter?
How to copy file from linux to windows server using c
How to get user password expiration date from Active Directory?
Compiling a Linux program for ARM architecture - running on a host OS
How to create a folder in C (need to run on both Linux and Windows)
Using Git with a Samba shared folder
Multi-user login & remote desktop on Windows / Linux?