This is a copy/paste from the documentation of LC3 (l0phtcrack3):
<< this approach will not allow you to obtain password hashes from most Windows 2000 systems, as Windows 2000 uses SYSKEY by default. SYSKEY was introduced in Windows NT Service Pack 3, but was not turned on by default, so SAM access works on most Windows NT systems. SYSKEY provides an additional layer of encryption to password hashes. Interestingly, you can't tell by looking at the SAM or at the password hashes whether they've been encrypted with SYSKEY or not. LC3 cannot crack SYSKEY-encrypted password hashes. >>
I have recently taken an interest in Windows security and decided to take a look at l0phtcrack as it is mentioned frequently at NT security sites.
Now on the main page for LC3 it says support for machines w/ SYSKEY but looking at the manual it says otherwise.
What confuses me more is I am able to retrieve my Admin password from the SAM file just using the dictionary search. I chose a simple word likely to be in the dictionary to test and it found it in about 30 secs.
Windows 2000 has the advanced encryption algorithm SYSKEY by default, doesn't it? So why does it work on my comp?
Also is Windows 2000 vulnerable to the 'GetAdmin' program?
Many thanks.