Win NT proprietary pw encryption (Was: Re: Windows .PWL cracker...)

Ted Cabeen cabeen at netcom.com
Mon Dec 11 14:59:25 PST 1995


At 11:39 AM 12/11/95 +0000, you wrote:
>Futplex wrote:
>> someone quoted:
>> Microsoft Knowledge Base article Q102716 says:
>> > Storage of the Passwords in the SAM Database
>> [...]
>> > The second encryption is decryptable by anyone who has access to the
>> > double-encrypted password, the user's RID, and the algorithm. The second
>> > encryption is used for obfuscation purposes.
>> 
>> Anyone feel like putting together some sample plaintext/ciphertext pairs ?
>
>This will be really difficult, and in practice rather pointless.  NT does
>not allow any user, privileged or not, to gain access to any form (encrypted
>or not) of the passwords.  They are stored in a protected area of the system
>registry that only the OS itself can access.  The best that you can do is
>to ask the OS whether a given username/password pair is valid or not, and it
>took until version 3.51 before MS let you do even that!
I took a quick look in my NT registry and you can get access to the Account
Manager section of the registry by manually changing the permissions and
giving yourself access.  I didn't have the time to look at all of the
entries in the registry, but there's a lot of stuff there and I wouldn't be
surprised if the encrypted passwords were available.  Of course, you have to
be an administrator to change the permissions, but it is possible.
_____________________________________________________________________________
Ted Cabeen                                                  cabeen at netcom.com
Finger for PGP Public Key                        secabeen at midway.uchicago.edu
"I have taken all knowledge to be my province."            cococabeen at aol.com
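The RID-keyed "second encryption" that the quoted Knowledge Base text describes, as an added worked example that is not part of the original post or of Microsoft's documentation: the page only states that the layer is reversible by anyone holding the double-encrypted password, the RID and the algorithm. The key schedule below follows the one later documented publicly by open-source NT hash dumpers (pwdump, Samba): the 4-byte RID is spread into two 7-byte strings, each expanded into a parity-adjusted 8-byte DES key, one per 8-byte half of the stored 16-byte hash. Everything here is an assumption about the cipher that the page itself does not name; the RID value 500 is a constructed input, and the optional decryption helper assumes pycryptodome is installed.

```python
"""RID-derived DES keys for the NT SAM obfuscation layer (added example).

Not code from the original post. The schedule follows the one published
by pwdump/Samba; the point it makes is the page's own: the only secret
input is the RID, which is public, so the layer hides nothing from anyone
who can read the stored value.
"""
from __future__ import annotations

import struct


def _expand_to_des_key(seven: bytes) -> bytes:
    """Spread 56 key bits over 8 bytes (7 bits each) and set odd parity
    in the low bit of every byte, the form a DES implementation expects."""
    if len(seven) != 7:
        raise ValueError("need exactly 7 bytes of key material")
    s = seven
    k = [
        s[0] >> 1,
        ((s[0] & 0x01) << 6) | (s[1] >> 2),
        ((s[1] & 0x03) << 5) | (s[2] >> 3),
        ((s[2] & 0x07) << 4) | (s[3] >> 4),
        ((s[3] & 0x0F) << 3) | (s[4] >> 5),
        ((s[4] & 0x1F) << 2) | (s[5] >> 6),
        ((s[5] & 0x3F) << 1) | (s[6] >> 7),
        s[6] & 0x7F,
    ]
    out = bytearray()
    for b in k:
        b = (b << 1) & 0xFE             # shift the 7 key bits up, LSB free
        if bin(b).count("1") % 2 == 0:  # odd parity: set LSB if count is even
            b |= 0x01
        out.append(b)
    return bytes(out)


def has_odd_parity(b: int) -> bool:
    """True if the byte has an odd number of set bits (DES key parity)."""
    return bin(b).count("1") % 2 == 1


def rid_to_des_keys(rid: int) -> tuple[bytes, bytes]:
    """Derive the two DES keys covering the two 8-byte halves of a stored
    16-byte hash. Only the RID goes in, so anyone who knows the RID can
    rebuild both keys; there is no per-system or per-user secret here."""
    r = struct.pack("<I", rid)                 # RID as 4 little-endian bytes
    s1 = r + r[:3]                             # r0 r1 r2 r3 r0 r1 r2
    s2 = r[3:4] + r[:3] + r[3:4] + r[:2]       # r3 r0 r1 r2 r3 r0 r1
    return _expand_to_des_key(s1), _expand_to_des_key(s2)


def deobfuscate_hash(rid: int, obfuscated: bytes) -> bytes:
    """Strip the RID-keyed layer from a 16-byte double-encrypted hash.
    A DES implementation is needed; pycryptodome is assumed (not part of
    the page). The result is still the one-way hash, not the password."""
    if len(obfuscated) != 16:
        raise ValueError("expected a 16-byte double-encrypted hash")
    try:
        from Crypto.Cipher import DES  # pycryptodome
    except ImportError as exc:
        raise RuntimeError("pycryptodome (Crypto.Cipher.DES) is required") from exc
    k1, k2 = rid_to_des_keys(rid)
    return (DES.new(k1, DES.MODE_ECB).decrypt(obfuscated[:8])
            + DES.new(k2, DES.MODE_ECB).decrypt(obfuscated[8:]))


if __name__ == "__main__":
    # Constructed input: 500 is the well-known RID of the built-in Administrator.
    k1, k2 = rid_to_des_keys(500)
    print("key1", k1.hex(), "key2", k2.hex())
```

The derivation is deterministic and needs no secret, which is what makes the layer "obfuscation" rather than protection: two machines with an account of the same RID derive identical keys, and the only thing standing between a reader of the SAM hive and the underlying hash is the DES call.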

More information about the cypherpunks-legacy mailing list