Copy SAM file in use without using any software

Hi, here I'm going to show how to copy the SAM file and the SYSTEM file from a live OS using the command prompt.

The SAM (Security Accounts Manager) file is an important file in the Windows operating system. As the name suggests, it is concerned with security in Windows. This file contains users' passwords in encrypted hash (LM hash and NTLM hash) format. The SAM file is partially encrypted using a SYSKEY. Having a copy is a great advantage if we log in with a PIN (supported in Windows 8 and 8.1) and have forgotten the password. If we get a copy of these files, the hashes are easy to crack using tools such as Cain or SAMInside.

The user passwords are stored in hashed form in a registry hive, either as an LM hash or as an NTLM hash. This file can be found at %SystemRoot%\system32\config\SAM and is mounted at HKLM\SAM. Because the file is in use, it is not possible to copy the SAM from a live OS simply with a copy command.

Steps:

  • Open a command prompt (Admin privilege required)
  • Enter the following commands

    reg save hklm\sam c:\sam

    reg save hklm\system c:\system

  • Now you will find a copy of these files on your C drive.
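
The steps above leave a recognisable trace wherever process command lines are logged (for example Windows Security event 4688 with command-line auditing enabled, or Sysmon event 1). The following detection sketch is an added example, not part of the original post: it flags reg.exe invocations that write a whole sensitive hive to a file and rates a host higher when both SAM and SYSTEM were saved, as in the procedure shown. It generalises slightly beyond the post by also covering the export verb and the SECURITY hive; the function names, the host/cmdline field names and the sample records are assumptions constructed for illustration.

```python
import re

# Hives whose offline copy exposes account hashes. SAM and SYSTEM are the two
# the post saves; SECURITY is added here as an assumption of this example.
SENSITIVE = {"sam", "system", "security"}
ROOTS = {"hklm", "hkey_local_machine"}
VERBS = {"save", "export"}  # reg.exe verbs that write registry data to a file


def match_hive_dump(cmdline):
    """Return (verb, hive) if cmdline saves a whole sensitive hive, else None."""
    # Drop quotes so `cmd /c "reg save ..."` tokenises like the bare command.
    tokens = cmdline.replace('"', " ").split()
    for i, tok in enumerate(tokens[:-2]):
        exe = re.split(r"[\\/]", tok)[-1].lower()
        if exe not in ("reg", "reg.exe"):
            continue
        verb = tokens[i + 1].lower()
        root, _, sub = tokens[i + 2].lower().rstrip("\\").partition("\\")
        # Only the hive root itself counts; HKLM\SYSTEM\<subkey> does not.
        if verb in VERBS and root in ROOTS and sub in SENSITIVE:
            return verb, sub
    return None


def scan(events):
    """Group hits per host; SAM plus SYSTEM on one host is the full procedure."""
    per_host = {}
    for ev in events:
        if hit := match_hive_dump(ev["cmdline"]):
            per_host.setdefault(ev["host"], set()).add(hit[1])
    return {
        host: ("high" if {"sam", "system"} <= hives else "medium", sorted(hives))
        for host, hives in per_host.items()
    }


# Constructed sample process-creation records (not real logs).
SAMPLE_EVENTS = [
    {"host": "WS01", "cmdline": r"reg save hklm\sam c:\sam"},
    {"host": "WS01", "cmdline": r"reg  save HKLM\SYSTEM c:\system"},
    {"host": "WS02", "cmdline": r'cmd.exe /c "C:\Windows\System32\reg.exe save HKLM\SAM C:\t\s /y"'},
    {"host": "WS03", "cmdline": r"reg query HKLM\SAM"},
    {"host": "WS03", "cmdline": r"reg save HKLM\SYSTEM\CurrentControlSet c:\ccs"},
    {"host": "WS03", "cmdline": r"reg save HKLM\SOFTWARE c:\sw"},
]

if __name__ == "__main__":
    print(scan(SAMPLE_EVENTS))
```

On the constructed records, WS01 is rated high (both hives saved), WS02 medium (SAM only), and WS03 produces no alert.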