Hi, here I'm going to show how to copy the SAM file and the SYSTEM file from a live OS using the command prompt.
The SAM (Security Accounts Manager) file is an important file in the Windows operating system. As the name suggests, it is concerned with security in Windows. It contains user passwords in hashed form (LM hash and NTLM hash) and is partially encrypted using a SYSKEY. Having a copy is a great advantage if we log in with a PIN (supported in Windows 8 and 8.1) and have forgotten the password. If we get a copy of these files, the hashes are easy to crack using tools such as Cain or SAMInside.
The user passwords are stored in hashed form in a registry hive, either as an LM hash or as an NTLM hash. This file can be found at %SystemRoot%\system32\config\SAM and is mounted on HKLM\SAM. It is not possible to copy SAM from a live OS simply by using a copy command.
- Open a command prompt (administrator privileges required)
- Enter the following commands:

    reg save hklm\sam c:\sam
    reg save hklm\system c:\system

- You will now find a copy of these files on your C: drive
Watch video: https://www.youtube.com/embed/MtPhbCwME5w
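
From the defender's side, the two reg save commands above show up in process-creation logs (for example Security event 4688 with command-line auditing, or Sysmon event 1). The following Python is an added example, not part of the original post; the (host, command line) record shape and the sample events are constructed assumptions.

```python
import re
from pathlib import PureWindowsPath

# Hives named on the page; reg.exe accepts both the short and long root-key names.
SENSITIVE = {"sam", "system"}
ROOTS = {"hklm", "hkey_local_machine"}

SAMPLE_EVENTS = [  # constructed process-creation records: (host, command line)
    ("WS01", r"reg save hklm\sam c:\sam"),
    ("WS01", r"reg save hklm\system c:\system"),
    ("WS02", r'"C:\Windows\System32\reg.exe" SAVE HKEY_LOCAL_MACHINE\SAM "C:\Temp\s 1.hiv"'),
    ("WS03", r"reg query hklm\software\microsoft"),
    ("WS03", r"reg save hklm\system\CurrentControlSet c:\ccs"),
]

def tokens(cmdline):
    """Split a Windows command line on whitespace, keeping quoted arguments whole."""
    return [t.strip('"') for t in re.findall(r'"[^"]*"|\S+', cmdline)]

def hive_dump(cmdline):
    """Return (hive, output_path) if cmdline is `reg save` of the SAM or SYSTEM hive."""
    t = tokens(cmdline)
    if len(t) < 4:
        return None
    exe = PureWindowsPath(t[0]).name.lower()
    if exe not in ("reg", "reg.exe") or t[1].lower() != "save":
        return None
    root, _, sub = t[2].lower().rstrip("\\").partition("\\")
    if root in ROOTS and sub in SENSITIVE:  # whole hive only, not a subkey
        return sub.upper(), t[3]
    return None

def correlate(events):
    """Return hosts where both hives were saved, with the output path of each."""
    seen = {}
    for host, cmdline in events:
        hit = hive_dump(cmdline)
        if hit:
            seen.setdefault(host, {})[hit[0]] = hit[1]
    return {h: d for h, d in seen.items() if {"SAM", "SYSTEM"} <= d.keys()}

if __name__ == "__main__":
    for host, dumps in correlate(SAMPLE_EVENTS).items():
        print(f"ALERT {host}: SAM -> {dumps['SAM']}, SYSTEM -> {dumps['SYSTEM']}")
```

A single-hive hit (WS02 in the sample) is still worth reviewing; correlate() only raises the case where both files from the procedure above were written on the same host.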