Copy SAM file in use without using any software

Copy SAM file in use without using any software

Hi, here I’m going to show how to copy SAM file and System file from live OS using command prompt.

The SAM (Security Accounts Manager) file in windows is such an important file in windows Operating System. As the name suggests it is concerned with the security in Windows Operating Systems. This file contains users password in encrypted hash (LM hash and NTLM hash) format. The SAM file is a partially encrypted file using a SYSKEY. It will be a great advantage if we using pin for logging (supports in windows 8 and 8.1) and forgot password. If we get a copy of these file, it is easy to crack using tools such as Cain or Saminside

The user passwords are stored in a hashed format in a registry hive either as a LM hash or as a NTLM hash. This file can be found in %SystemRoot%/system32/config/SAM and is mounted on HKLM/SAM. It is not possible to copy SAM from live OS simply using a copy instruction.

Steps:

  • Open a command prompt (Admin privilege required)
  • Enter the following commands

    reg save hklm\sam c:\sam

    reg save hklm\system c:\system

  • Now you will find a copy of these files in your C drive
4.1/5 - (10 votes)

4 Comments

Sanford Olazabal

February 5, 2016 at 3:03 am

It’s hard to find knowledgeable people on this topic, but you sound like you know what you’re talking about! Thanks

akagutz

December 12, 2016 at 10:36 pm

this is realling good and sharp

Robert

February 24, 2017 at 12:05 pm

This is fantastic. Thanks for the knowledge

Manoucher

August 11, 2017 at 5:33 pm

Then how to read that Sam file and extract hashed password. It seems totaly hex as I guess.
I mean to do this by code. Thanks

Log out of this account

Leave a Reply