READ : The accounts and associated hashes on a Windows Operating System is store
Question
READ:
The accounts and associated hashes on a Windows Operating System are stored in a file named SAM (Security Account Manager); this file is stored in the “Windows/System32/config” directory. This file cannot be read directly by applications (Notepad, Word, etc.), nor can it be copied while the operating system is running.
Two tools are included with Kali Linux that will allow us to extract the username/hash pairs: pwdump and samdump2.
DO: Type “cd /Winpart/Windows/System32/config” ; change to the config directory. Refer to the following snapshot.
DO: Type “pwd” ; this will display your present working directory
Q: What was the path displayed? ___________________________________________
DO: Type “ls -l SAM*” ; displays all files beginning with the letters SAM
Q: What is the size of the SAM file? _______________________________
DO: Type “samdump2 SYSTEM SAM > ~/winhash.txt” ; this will extract the info and save it to a file named winhash.txt in the root home directory (/root)
DO: Type “cd” ; this will take you back to the /root directory.
DO: Type “pwd”
Q: What was the path displayed? ___________________________________________
[Snapshot: Kali terminal session showing the cd into /Winpart/Windows/System32/config]
Explanation / Answer
1. When "pwd" is executed, the path displayed will be
"/Winpart/Windows/System32/config"
2. The size of the SAM file is "131072 [200000] bytes"
3. The path displayed is "/root"
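As an added example (not part of the original lab or the answer above), this shell function reviews the winhash.txt written by the samdump2 step and flags accounts that have a blank password or a stored LM hash. It assumes samdump2 writes pwdump-style lines (user:RID:LM:NT:::) and marks disabled accounts with a "*disabled* " prefix; the function names and the sample lines are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: audit a pwdump-format hash file (user:RID:LM:NT:::).

# Well-known LM and NT hashes of the empty string.
EMPTY_LM="aad3b435b51404eeaad3b435b51404ee"
EMPTY_NT="31d6cfe0d16ae931b73c59d7e0c089c0"

# audit_hashes [FILE] - reads FILE (or stdin) and prints one line per
# finding in the form user:RID:FINDING:state
audit_hashes() {
    awk -F: -v elm="$EMPTY_LM" -v ent="$EMPTY_NT" '
        NF < 4 { next }                      # skip lines that are not hash records
        {
            user = $1; state = "enabled"
            # Assumed samdump2 marker for disabled accounts.
            if (sub(/^\*disabled\* /, "", user)) state = "disabled"
            lm = tolower($3); nt = tolower($4)
            # NT hash of the empty string: the account has no password.
            if (nt == ent)
                print user ":" $2 ":BLANK_PASSWORD:" state
            # A real (non-empty) LM hash means the legacy LM format is stored.
            if (length(lm) == 32 && lm !~ /[^0-9a-f]/ && lm != elm)
                print user ":" $2 ":LM_HASH_STORED:" state
        }
    ' "${1:--}"
}

# Constructed sample input; the non-empty hashes are made-up hex strings.
sample_dump() {
    cat <<'EOF'
Administrator:500:aad3b435b51404eeaad3b435b51404ee:00112233445566778899aabbccddeeff:::
*disabled* Guest:501:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
labuser:1001:0123456789ABCDEF0123456789ABCDEF:ffeeddccbbaa99887766554433221100:::
kiosk:1002:aad3b435b51404eeaad3b435b51404ee:31D6CFE0D16AE931B73C59D7E0C089C0:::
EOF
}

# Audit the file given as $1 if it is readable, otherwise the sample.
if [ -r "${1:-}" ]; then
    audit_hashes "$1"
else
    sample_dump | audit_hashes
fi
```

Run it with ~/winhash.txt as the argument to review the lab output; an enabled account reported as BLANK_PASSWORD or any LM_HASH_STORED entry is a finding to remediate on the Windows system.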