Warning and disclaimer:
***********************
This article is provided 'as-is', without any express or implied warranty. In no event will the authors be held liable for any damages arising from the use of this article or the information presented within it.

In this article, I will detail the various ways of obtaining and cracking the Windows XP SAM file. The applications of the SAM file are quite limitless: getting past a nosy parent's blocks, investigating colleagues in a workplace or school, or even recovering forgotten passwords.

Table of Contents
1 – General Information
2 – Obtaining the SAM file
3 – Cracking the SAM file

Section 1 : General Information

As you may or may not know, all of the passwords on a Windows XP computer are stored in a SAM file. This file is located on your computer's hard drive in the directory "C:\WINDOWS\System32\Config". The file's name is SAM, obviously. Now, you may be thinking, "Wow, this was incredibly easy, I just right click the file, and click send to a floppy or wherever." Well, unfortunately, it isn't that simple. I will detail the various methods of getting the SAM file in the next section.

Section 2 : Obtaining the SAM file

In the previous section, I discussed where the SAM file is found. As you may have found out, when you attempt to copy this file, you get a nasty error saying something along the lines of "Access is denied. File is in use." The SAM file is in use by the system, so you cannot just go to Task Manager and end the process. You need to find alternate methods of starting up the computer without using the SAM file. As far as I know, this can be done several ways. Booting the computer into Linux using a boot CD or floppy is one method. To use this method, you will need a Linux boot CD and access to the BIOS. If you don't have access to the BIOS, then consult one of the many tutorials on the web on how to crack the BIOS password.
To make a bootable Linux CD, you have to find a version of Linux which can be burned and run off a CD (to find these, consult my links, or search Google). This should be relatively easy to find. Next you need some kind of burning software which allows you to burn an image onto a CD (consult the links, or search Google). This is a bit harder to find for free, but a demo works just fine. After you have these, burn the image to the CD. You now have a Linux boot CD.

Now to alter the BIOS settings so that you can boot into Linux from the CD. Shut down your computer, and during the start up screen you should see a notice to press F1 or F8 (maybe a different key) to enter Boot setup. Press it. This will take you into the BIOS; however, if there is a password on the BIOS, then you have to consult an article about cracking BIOS passwords. Next go to Boot Order and change the CD drive to first. Save your changes, insert your Linux CD and exit. Let the system boot up. It should boot into Linux if you did everything correctly. Now all you have to do is insert a blank floppy and copy the SAM file to it, since it is not in use anymore because Windows is not running. Congratulations, you now have the SAM file. Be sure to get the SYSTEM file in the same directory as well, as some passwords are encrypted with keys from within that file.

Another, somewhat easier way of obtaining the files is using an MS-DOS boot disk. This method doesn't require you to go looking for some software or using special burning software. Just insert a floppy, right click on it in My Computer, and click on Format. When the menu appears, mark the box for "Create an MS-DOS startup boot disk", and then click the Start button. After you have made your disk, restart your computer with the disk still in the drive. Make sure your BIOS settings boot from the floppy drive before the hard drive. When the computer boots, you should see a screen similar to a command prompt.
"A:\>" is most likely the prompt you will see. First you need to change to the C drive. This is done various ways on different computers; "cd C:" or "C:" usually work. Next you will need to use the copy command to copy the SAM and SYSTEM files to other areas of the hard drive. The syntax for the copy command is as follows, without the quotes: "C:\>copy (file to be copied) (destination)", so the correct command which will get the file for you is "C:\>copy C:\WINDOWS\System32\Config\SAM C:\". This will copy the SAM file to the root of the C drive. Replace "SAM" with "SYSTEM" to get the SYSTEM file. Next you might want to rename these files. This is the syntax for the rename command: "C:\>ren (file to be renamed) (new file name)". The command which will rename your files for you will be "C:\>ren C:\SAM Whatever" if you saved it to the C drive. This will rename your SAM file to Whatever. Now restart your computer without the boot disk in and start up Windows. Copy the files onto a floppy. Note: you may have to zip it, as the SYSTEM file is pretty big.

The reason these methods work is that the SAM file is not in use when you aren't running Windows, and when you copied and renamed the file, the copy did not get used by Windows when you logged on. Now on to the easy part, cracking the SAM file.

Section 3 : Cracking the SAM file

There is a wealth of programs available that will crack the SAM file for you. You can also attempt to crack it by hand. Having neither the time nor the skill required to do this, I used a program. Some programs I recommend are SAMInside, which unfortunately costs money; Proactive Windows Security Explorer, which can actually import the SAM file from memory, so you will not need to obtain it yourself if you are doing this on your home computer; and of course Cain & Abel will do the trick as well.
Most of these programs test about 4 to 5 million passwords per second, at least on my machine, so if the password is below 7 characters, it should be able to crack it in one day. However, if the password is 7 or more characters in length, then it will take a substantial amount of time. When I did this, my password was 7 characters in length and it took my computer just over 3 days to crack it.
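To see what the 4 to 5 million guesses per second figure means for password length, here is an added example (not from the original article) that computes the brute-force keyspace and worst-case time for a given character set and length; it assumes a midpoint rate of 4.5 million guesses per second and a class-based alphabet model, which is what makes each extra character the defender's cheapest lever.

```python
import string

# Guess rate reported above (4 to 5 million/second); 4.5 million is an assumed midpoint.
RATE_PER_SEC = 4.5e6

# Size of each character class; a password's alphabet is the union of the classes it uses.
CLASS_SIZES = {
    "lower": 26,
    "upper": 26,
    "digit": 10,
    "symbol": 33,   # remaining printable ASCII characters (95 - 62)
}

def charset_size_for(password: str) -> int:
    """Smallest alphabet an exhaustive search must cover, given the classes the password uses."""
    size = 0
    if any(c in string.ascii_lowercase for c in password):
        size += CLASS_SIZES["lower"]
    if any(c in string.ascii_uppercase for c in password):
        size += CLASS_SIZES["upper"]
    if any(c in string.digits for c in password):
        size += CLASS_SIZES["digit"]
    if any(c not in string.ascii_letters + string.digits for c in password):
        size += CLASS_SIZES["symbol"]
    return size

def keyspace(charset_size: int, length: int) -> int:
    """Candidates an exhaustive search tries for passwords of exactly this length."""
    return charset_size ** length

def worst_case_days(charset_size: int, length: int, rate: float = RATE_PER_SEC) -> float:
    """Days to exhaust the keyspace at the given rate; the average case is half of this."""
    return keyspace(charset_size, length) / rate / 86400

def days_for_password(password: str, rate: float = RATE_PER_SEC) -> float:
    """Worst-case days for a password, using only its length and character classes."""
    return worst_case_days(charset_size_for(password), len(password), rate)

if __name__ == "__main__":
    # Each extra character multiplies the work by the alphabet size, so length and
    # class mix, not the cracking tool, decide whether the search finishes in hours or years.
    for size, label in ((26, "lowercase"), (52, "mixed case"), (62, "letters+digits"), (95, "all printable")):
        for n in (6, 7, 8, 10):
            print(f"{label:>15} x {n:2d} chars: {worst_case_days(size, n):>14.2f} days")
```

Running it prints the table; the mixed-case 7-character row comes out at about 2.6 days, in line with the three days reported above, while 8 printable characters already exceed 10,000 days at the same rate.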