
Futplex wrote:
someone quoted: Microsoft Knowledge Base article Q102716 says:
Storage of the Passwords in the SAM Database [...] The second encryption is decryptable by anyone who has access to the double-encrypted password, the user's RID, and the algorithm. The second encryption is used for obfuscation purposes.
Anyone feel like putting together some sample plaintext/ciphertext pairs?
This will be really difficult, and in practice rather pointless. NT does not allow any user, privileged or not, to gain access to any form (encrypted or not) of the passwords. They are stored in a protected area of the system registry that only the OS itself can access. The best that you can do is to ask the OS whether a given username/password pair is valid or not, and it took until version 3.51 before MS let you do even that! Of course, rebooting the PC and inspecting the disk with another OS is not an answer since in any decent environment you will not be able to march up to the server with a floppy and hit the reset button!

- Andy