SAMInside program is designated to recover Windows NT/2000/XP/2003 users' passwords
| Author: | InsidePro |
|---|---|
| Language: | English French German Italian Korean Portuguese Russian Spanish |
| Date: | 11/19/2006 |
| Size: | 610 kb |
| License: | Demo |
| Price: | $40 |
| Platform: | Win95 Win98 WinME WinXP WinNT 4.x Windows2000 Windows2003 |
SAMInside has some outstanding features:
- The program has small size, doesn't require installation and can be run from diskette, CD/DVD-disk or USB[?]-drive.
- Includes over 10 types of data import and 6 types of passwords attack:
- Brute-force attack;
- Distributed attack;
- Mask attack;
- Dictionary attack;
- Hybrid attack;
- Pre-calculated tables attack.
- Forcing program code is written completely on Assembler what lets to get extremely high speed of password forcing procedure on any processor.
- Program correctly extracts Windows NT/2000/XP/2003 users' names and passwords in national symbol encoding.
- The program is the first utility in the world which started to work with passwords encrypted by system key SYSKEY!
Data import
SAMInside has the following data import features:
- "Import from SAM and SYSTEM registry files" - import of users' data from SAM registry file. If there's additional encryption by SYSKEY in the imported SAM file (on default enabled in Windows 2000/XP/2003), then the program will also need SYSTEM Windows registry file located at the same Windows directory there SAM file was - folder %SystemRoot%\System32\Config. Copies of these files may be also found in %SystemRoot%\Repair and %SystemRoot%\Repair\RegBack folders. (Note: %SystemRoot% - is a system directory of OS Windows, usually C:\WINDOWS or C:\WINNT).
- "Import from SAM registry file and file with system key" - import of users' from SAM Windows registry file using file with system key SYSKEY.
- "Import from PWDUMP file" - import of users' data from text file of PWDUMP program format. You can find test files with users in the SAMInside program archive.
- "Import from *.LC file" - import of users' data from files created by L0phtCrack program.
- "Import from *.LCP file" - import of users' data from files created by LC+4 and LC+5 programs.
- "Import from *.LCS file" - import of users' data from files created by LC4 and LC5 programs.
- "Import from *.HDT file" - import of users' data from projects created by Proactive Windows Security Explorer program and Proactive Password Auditor program.
- "Import from *.LST file" - import of users' data from the LMNT.LST file, created by Cain&Abel program.
- "Import local users ..." - import of local users' data (to do that launch the program with Administrator user's rights). The program uses the following methods to get local users:
- The program also lets to add users with known LM/NT hashes through the dialog box (Alt+Ins).
1. " ... using LSASS" - import of local users' data using connection to LSASS process.
2. " ... using Scheduler" - import of local users' data using system utility Scheduler.
Data export
SAMInside has the following data export features:
- "Export users in PWDUMP file" - export all users' data to text file in the PWDUMP program format. Then you can load got file to any passwords recovery program you like.
- "Export selected users in PWDUMP file" - export selected users' data to text file in the PWDUMP program format.
- "Export found passwords" - export found passwords in format "User name: Password".
- "Statistics export" - export of current program statistics to the text file.
Passwords recovery
Brute-force attack:
This kind of attack is exhaustive search of all probable password variants.
Brute-force attack also includes distributed attack. This kind of attack allows to use several different computers to recover passwords distributing passwords to process between them. This kind of attack is enabled automatically when user sets more than one computer to participate in attack. Then feature of range selection for current computer becomes available. So, to start distributed attack you need to:
- Run program on several computers.
- Choose number of computers for attack.
- Make the same settings for attack for all computers.
- Choose special range for passwords attack for each computer.
- Run brute-force attack on every computer.
Mask attack:
This kind of attack is used if there's any information about the password. For example:
- Password starts from the symbol combination "12345";
- First 4 symbols of the password are numbers, others are letters;
- Password has 10-symbol length and there's symbol combination "admin" in the middle of the password;
- etc.
Mask attack settings allow to form mask for passwords to attack and to set maximal length of passwords to process. Mask setting is the following: if you don't know N-symbol of the password, then set N-checkbox of mask and choose mask for this symbol in appropriate textual field. If you know any symbol of the password, enter it to N textual field and switch off mask checkbox.
Program uses the following masks:
? - any printable symbol (ASCII-codes 32...255).
A - any Latin capital (A...Z).
a - any small Latin (a...z).
S - any special symbol (!@#...).
N - any number (0...9).
1...8 - any symbol from custom symbol set; you may have up to 8 sets specified.
Dictionary attack:
Dictionary is text file consisted of commonly used passwords like
123
admin
master
etc.
Dictionary attack settings include hybrid attack, i.e. feature to append up to 2 symbols before or after the password what lets to recover passwords like "master12" or "#admin".
Pre-calculated tables attack:
This type of attack uses Rainbow technology (http://www.antsight.com/zsl/rainbowcrack/) to create pre-calculated tables.
Additionally:
- All kinds of attack require additional specification what type of hashes (LM or NT) to use for password recovery.
- Mark the files you're going to use for dictionary attack (in the dictionary files list) and for pre-calculated tables attack (in the tables list).
