Extracting Password Hashes
To crack passwords, one must first obtain a copy of the password hashes from the NT PDC. This section looks at some of the ways a copy of the hashes can be obtained. If the person running the password-cracking program is an administrator, this is very easy: he can simply dump the password hashes from the PDC, either with L0phtcrack or by running the PWDump2 utility. If the person running the program is not an administrator, he could obtain the password hashes in one of the following ways:
Sniffing passwords off of the network
Booting into another operating system and copying the SAM
Using LINNT to obtain administrator access
Obtaining a copy from c:\winnt\repair or a backup directory ...