Windows login System
Not too familiar with Windows but I was wondering if anyone has an idea how I can log or see what is going on when you log into Windows. For example, from when you get to the login screen, type the user name and pass and hit login. Something that would give an output like:
user login submit
blah blah blah
file blah blah blah doing something something
10 years ago
0
But I am not sure if you will be able to open that file while using Windows. When you try to open it, Windows actually gives you an error that it is being used by another process, something like that.
Don’t post answers on the forums!
Search other forums before making new threads called “help” !
- @IAmDevil
Its good to be back! :D
@Fireshard haha yeah I was thinking the same thing. Before I say anything else booted via live usb at school so let me take a look at the SAM file. Pc’s running Win7
Here’s a good little article on things located right here
But opening SAM file in System32 using ophcrack or any software is only helpful to decrypt the hash to get the userid and password needed during logging in windows during startup.
I guess cracking the SAM file won’t help in showing the logs of the ongoing process during bootup.
Okay, I’ve looked through some things myself and read articles online. It seems this is only the hash. I’m looking for something more based on when the user logs in, where the algorithm is processed, and then checked with the SAM hash. I knew the key was for hashes but thought maybe there was more to it. If there is please correct me but all this seems like is user ids/pass.
Or is there some way to see what’s going on? Like, using Linux without xorg for example.
Maybe there’s a way to BOOT into a LUI of Windows? That could help a lot of things. I’m going to log off and try some things myself. If I find anything I’ll post the results.
10 years ago
1
MaxLockhart: Windows is a closed source OS. I don’t think you will get a file which will display all that information which you are looking for. Linux on the other hand is open source hence you can see all the information that you want in it. Microsoft doesn’t like anyone tampering with their OS other than themselves.
And more of it is that to view the logs of the ongoing processes during bootup is much more complicated due to the fact that the login process in Windows takes place through an isolated piece of code which is basically Read Only and not linked to any other file in the System, unlike the Task Manager. Furthermore I haven’t heard of anything about its location in the System32 nor of a cracker of any sort for it. All that is there is the hashes in the SAM file for the login !!
Yeah no shit @tlotr. Windows doesn’t like that at all!!
I observed that there are logs of every login and logout in Windows. Because when you open up CMD and type:
net user "Username"
It shows the login time. So, therefore there might be a start up log too, showing which system files were active during the last startup process. Hence, getting an elaborate view of the things happening off screen.
Just a guess.
- @IAmDevil
Its good to be back! :D
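Windows also records each logon and logoff as events in the Security event log. As an added example (not part of any post in this thread), this PowerShell function lists recent logon and logoff records from the local machine; `Get-LogonTimeline` and its parameters are names chosen for the example, and it assumes logon auditing is enabled and the prompt is elevated.

```powershell
# Added example (not from the thread): recent logon/logoff records from the
# local Security event log. Run elevated; reading that log needs admin rights.
function Get-LogonTimeline {
    param(
        [int]$MaxEvents = 200,                  # newest records to read
        [int[]]$LogonTypes = @(2, 7, 10, 11)    # interactive, unlock, RDP, cached
    )

    # 4624 = successful logon, 4625 = failed logon,
    # 4634 = logoff,           4647 = user-initiated logoff
    $filter = @{ LogName = 'Security'; Id = 4624, 4625, 4634, 4647 }

    Get-WinEvent -FilterHashtable $filter -MaxEvents $MaxEvents -ErrorAction SilentlyContinue |
        ForEach-Object {
            # Read fields by name from the event XML; positional indexes
            # differ between event IDs.
            $data = @{}
            foreach ($d in ([xml]$_.ToXml()).Event.EventData.Data) {
                $data[$d.Name] = $d.InnerText
            }

            # Skip service/network/batch logons unless asked for. 4647 carries
            # no LogonType field, so it always passes.
            if ($data.ContainsKey('LogonType') -and
                $LogonTypes -notcontains [int]$data['LogonType']) {
                return   # inside ForEach-Object this moves on to the next event
            }

            New-Object PSObject -Property @{
                Time      = $_.TimeCreated
                EventId   = $_.Id
                User      = '{0}\{1}' -f $data['TargetDomainName'], $data['TargetUserName']
                LogonType = $data['LogonType']
                Process   = $data['LogonProcessName']
            }
        } |
        Select-Object Time, EventId, User, LogonType, Process
}

# Oldest first, so the sequence reads like a timeline.
Get-LogonTimeline -MaxEvents 500 | Sort-Object Time | Format-Table -AutoSize
```

A run of 4625 rows for one account followed by a 4624 is the pattern worth reviewing when checking a machine for password guessing.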
Thank you for bringing some of my dignity back @IAmDevil! Not a noob, just looking for some creativity. Yes @tlotr it is a closed source piece of shit. But I really want to exploit it good. There has to be a way to pull something off. Anything is possible.. hmmmmm… Anybody think anything could be pulled via live usb running a much more updated version of dos and screwing with the Windows partition? Maybe Xenix (OLD) since it’s a Unix based operating system? Its flexibility may be limited though. Not sure if mounting a drive is even possible. So @IAmDevil something is going on behind closed doors, it just has to be exploited and read somehow. Just have to figure out what. @Abhi_hacker Yes, SAM files wrong place to go but maybe have some clues and fingerprints (in a figurative manner) as well as the NET USER command @IAmDevil. If that command is able to output the information it has to be getting input from somewhere. So investigating that should help some and after the source of that input is discovered you can further find where that comes from so on so forth. I’m going to do some more research. Nothing I can find documented on this exact topic but there have to be little clues here and there for such an exploit.
So useful trying to do this without a copy of Windows on me :P
Edit:
Looking online for a Windows 7 Registry Key tree or something. Pretty much the whole thing online. Can’t seem to find anything, but I did seem to find this which is some people who find editing the login wallpaper pretty badass.
I guess that’s cool and all but not quite what I’m looking for. Thanks to this I noticed…. RIGHT below that looks incredibly interesting–
*HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\LogonUI\SessionData*
I’m guessing LogonUI stands for Login User Interface… Feel pretty confident on that and that SessionData handles the sessions data. Haha, sorry just got a little happy!
Well, I have a useless original Vista CD lying around (came with my laptop, hated its guts and changed to win7 as soon as I could)…not sure how to send it to you, though :-P
Don’t post answers on the forums!
Search other forums before making new threads called “help” !
Haha lol @Fireshard . You can just download a Windows OS online.
Yes, editing the login background wallpaper is close to what you are looking for. The SessionData might help. I’ll too start looking for something.
- @IAmDevil
Its good to be back! :D
I know that, but that would be illegal (not that I’m complaining). And I also have a CD that is completely useless to me :P
Don’t post answers on the forums!
Search other forums before making new threads called “help” !
10 years ago | edited 10 years ago
0
I would never spend 18,000 bucks on Windows. I’ll buy something else instead of buying a Windows OS.
MaxLockhart: Maybe you can try with a Live Windows CD. Try Hiren’s Boot CD. I have one of their versions on a CD. It’s a Bootable CD and it has Live Windows XP in it. You can directly boot into Windows XP from the CD. You might want to check it out. Maybe you can boot into Windows XP and then fiddle with the other Windows OS files or something like that.
And also it has some other tools as well.
Yeah @tlotr.
You can also try a VM machine @MaxLockhart. It’s much more convenient!
- @IAmDevil
Its good to be back! :D
Sorry, had a pretty hardcore weekend at work. I want to reply to the posts but have limited time and will do so later on. I do want to keep this thread running though, like many others as well, for those who this information may help and teach other users of this site and allow them to ask questions. Here are some interesting links that help understand this topic better and get familiar with Windows reg. and tools for Linux users to help with forensics of a Windows system on this topic.
Inside The Registry - Information on the reg in general
Offline NT Password and Registry Editor (chntpw)
I guess
Now some stuff is outdated but you can fill in the blanks where this information can still be applied. I’m assuming the registry hasn’t changed much since then.
I have not tested this tool either so… Not sure if it just resets/deletes the passwords or if you can full on load any key or hive and use it just like Windows Registry Editor. I do know this though! It is a text-only tool! Makes me happy :) because I do prefer a line user interface, sorry to all of you GUI fans out there. :( It is open source as you can see on the website there so if anyone gets inspired to make a GUI for yourself you can!
It can be obtained by:
sudo apt-get install chntpw
TTFN! ta ta for now!