08-24-2020, 04:14 PM
The current version is 2.0.1 and has the benefit of being able to extract the syskey on its own. This means dumping the hashes is now a one-step process instead of two. To upgrade and run samdump2 v2.0.1:
1. Download the current samdump2 from http://sourceforge.net/project/showfiles..._id=133599
2. # tar -xjvf samdump2-2.0.1.tar.bz2
3. # cd samdump2-2.0.1
4. # make
5. # cp samdump2 /usr/local/bin/samdump20
This will keep the existing version. If you want to overwrite the existing version do:
# cp samdump2 /usr/local/bin/
6. mount your windows partition substituting hda1 for whatever your windows partition is
# mount /dev/hda1 /mnt/XXX
7. If the syskey password is stored locally, samdump2 v2.0 will extract it from the registry so it can decrypt the SAM. If syskey is set up to prompt for a password or the password is on a floppy, stop now and read the syskey documentation in this document for more information about syskey. If you installed Windows to something other than C:\WINDOWS, please substitute the correct path. WARNING: the path is case sensitive. The filenames of sam, security, and system are case sensitive. On my system these files are lowercase. I have come across other XP systems where they are uppercase. On the Vista system I have used, the filenames are uppercase.
8. # samdump2 /mnt/XXX/WINDOWS/system32/config/system /mnt/XXX/WINDOWS/system32/config/sam >hash.txt
samdump2 will dump the SAM to the screen, and the > character redirects the output to a file called hash.txt.
You can also run samdump2 with the -o parameter to write the output to a file:
# samdump2 -o hash.txt /mnt/XXX/WINDOWS/system32/config/system /mnt/XXX/WINDOWS/system32/config/sam
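The case-sensitivity warning in step 7, as an added example that is not part of the original post: a shell helper that resolves the real on-disk spelling of the hive paths under the mount point before they are handed to samdump2. The function names and the demo tree are constructed for illustration, and `-iname`, `-mindepth` and `-maxdepth` assume GNU or BSD find.

```shell
#!/bin/sh
# Added example (hypothetical helper names, not part of samdump2).

# resolve_ci ROOT REL_PATH
# Walks REL_PATH one component at a time under ROOT, matching each
# component case-insensitively, and prints the real on-disk path.
# Returns 1 if a component is missing, 2 if two spellings exist.
resolve_ci() {
    cur=$1
    rest=$2
    while [ -n "$rest" ]; do
        part=${rest%%/*}
        case $rest in
            */*) rest=${rest#*/} ;;
            *)   rest= ;;
        esac
        [ -n "$part" ] || continue
        matches=$(find "$cur" -mindepth 1 -maxdepth 1 -iname "$part")
        [ -n "$matches" ] || return 1
        # A newline in the result means more than one entry matched.
        case $matches in
            *"
"*) return 2 ;;
        esac
        cur=$matches
    done
    printf '%s\n' "$cur"
}

# hive_paths MOUNTPOINT
# Prints the system hive path, then the SAM hive path, one per line.
hive_paths() {
    sys=$(resolve_ci "$1" "WINDOWS/system32/config/system") || return 1
    sam=$(resolve_ci "$1" "WINDOWS/system32/config/sam") || return 1
    printf '%s\n%s\n' "$sys" "$sam"
}

# Constructed demo tree standing in for a mounted volume (/mnt/XXX).
demo=$(mktemp -d)
mkdir -p "$demo/Windows/System32/CONFIG"
: > "$demo/Windows/System32/CONFIG/SYSTEM"
: > "$demo/Windows/System32/CONFIG/SAM"
hive_paths "$demo"
rm -rf "$demo"
```

If the Windows directory has a different name, change the relative paths in `hive_paths` accordingly.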