Copy SAM file in use without using any software
Category : Windows
Hi, here I’m going to show how to copy SAM file and System file from live OS using command prompt.
The SAM (Security Accounts Manager) file in windows is such an important file in windows Operating System. As the name suggests it is concerned with the security in Windows Operating Systems. This file contains users password in encrypted hash (LM hash and NTLM hash) format. The SAM file is a partially encrypted file using a SYSKEY. It will be a great advantage if we using pin for logging (supports in windows 8 and 8.1) and forgot password. If we get a copy of these file, it is easy to crack using tools such as Cain or Saminside
The user passwords are stored in a hashed format in a registry hive either as a LM hash or as a NTLM hash. This file can be found in %SystemRoot%/system32/config/SAM and is mounted on HKLM/SAM. It is not possible to copy SAM from live OS simply using a copy instruction.
Steps:
- Open a command prompt (Admin privilege required)
- Enter the following commands
reg save hklm\sam c:\sam
reg save hklm\system c:\system
- Now you will find a copy of these files in your C drive
Done!
Watch video: https://www.youtube.com/embed/MtPhbCwME5w
4 Comments
Sanford Olazabal
February 5, 2016 at 3:03 amIt’s hard to find knowledgeable people on this topic, but you sound like you know what you’re talking about! Thanks
akagutz
December 12, 2016 at 10:36 pmthis is realling good and sharp
Robert
February 24, 2017 at 12:05 pmThis is fantastic. Thanks for the knowledge
Manoucher
August 11, 2017 at 5:33 pmThen how to read that Sam file and extract hashed password. It seems totaly hex as I guess.
I mean to do this by code. Thanks