Xatrix Security

[Xcellerator]

So, can I copy SAM and SYSTEM from C:\Windows\System32\config through SafeMode?

[muto]

I doubt it. You can rip the contents with Administrator rights (using Cain or something), but since they're key parts of the registry, they're still in use in safe mode. Booting Linux does the trick though.

[ICT Tech]

In Safe Mode you may be able to login locally!

This means if you login locally via Safe Mode you would be able to copy this!!

[Xcellerator]

But I don't know the passwords to log in locally... That's what I'm trying to find out.

Also, can CAIN be run from USB? Because then I could export it to a *.lc file then crack it at home...

[ICT Tech]

Hmm, good point, I forgot about that!

I'm not sure if Cain can be run from a USB, that's more of a question for JD or muto, they're good with this sort of stuff!!

[muto]

Cain can be run from a USB stick, but there are a couple of things you need to consider.

The packet sniffing functions will not work without the WinPCap driver installed
Abel.dll is required for the hash dumping, and many antiviruses detect (and delete) it
You need admin rights to dump hashes

[Xcellerator]

Well, on these two glitchy computers at my school, you have local admin rights on it! I can use cmd with full admin privileges, but I don't want to change the password, I want to crack it so I can run any program as admin on any computer! Also, I'm not worried about the sniffer function, I'm only trying to crack a password.
Here's my plan:
1. Log-on
2. Log-off
3. Remove Network Cable
4. Log-on (No Securus, or anti-virus, cos that's all run from the server!)
5. Use USB to dump Local Password Hashes!
6. Remove USB, then insert network cable!
The Server is none the wiser that I've done anything!

[muto]

It'd be worth dumping the Domain Cached Credentials as well, you might get lucky and get the admin hashes in there, if not, you should at least get a couple of other student accounts to work from.

[ICT Tech]

It'd be worth dumping the Domain Cached Credentials as well, you might get lucky and get the admin hashes in there, if not, you should at least get a couple of other student accounts to work from.

Very True!!

And Well Done!!