Step Into the Freezer

Wednesday, October 25, 2006

So here's how it went, guys.

I was innocently minding my own business doing school-related things in my Cisco class one day, when I noticed the guy next to me had a Java applet running that finds SAM files on the local machine and tells you where they are. It found one in C:\REPAIR. Let me tell you something about that directory and that file.

A SAM file (Security Accounts Manager) is what Windows uses for local password authentication. It does not hold the passwords themselves but hashes of them, and a hash function is one-way: there is no running it backwards to get the password out, no matter how much math you throw at it. When I say that, I mean it literally. What a "password cracker" actually does is guess: it hashes candidate passwords and compares the results to the hash in the SAM, so "can't be decrypted" is not the same thing as "can't be cracked". Furthermore, it was a Win2K machine, which means the hashes in the SAM were additionally encrypted with SYSKEY - something that an ordinary password cracker will shit itself at unless it also has the SYSKEY key, which lives in the SYSTEM hive and not in the SAM itself. Basically, we've established that your average skiddie with a copied SAM file and nothing else is not breaking this thing. It would take a sysadmin to know what the hell was going on.

C:\REPAIR is where the emergency repair disk process keeps its backup of the registry, including a copy of the SAM file, so it can restore a Windows machine that won't boot from the hard disk. The repair tool cautions you about a million times to delete that directory afterwards, precisely because it contains a copy of the SAM file. ANYONE WHO HAS RUDIMENTARY KNOWLEDGE OF NETWORK ADMINISTRATION KNOWS TO DELETE THE REPAIR DIRECTORY! If you're too lazy to delete the repair directory you should at least change the passwords on the machine, since the copy holds the hashes of whatever the passwords were when it was made. Come on. Even I know that, and I'm just a punk-ass 16-year-old who knows a bit about computers and networking.
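The check an admin actually wants here, as an added example (my code, not the applet from the post): walk a drive, report every file that looks like a SAM hive, and flag any copy that is not sitting in the canonical system32\config directory, such as one left behind in a repair directory. The directory layout it scans in the self-test is constructed in a temp directory; the file-name list and the "canonical location" rule are my assumptions for the example.

```python
"""Find stray copies of the Windows SAM hive outside system32\\config.

Added example, not code from the original post. The sample directory tree
built by build_sample_tree() is constructed data for the demo.
"""
import os
import tempfile

# File names that carry (a copy of) the SAM hive. "sam._" is the compressed
# form repair/backup tooling writes; .bak/.sav are common manual backups.
# This list is an assumption for the example, extend it for your environment.
SAM_NAMES = {"sam", "sam._", "sam.bak", "sam.sav"}


def is_canonical(path: str) -> bool:
    """True when the file sits directly under ...\\system32\\config, the only
    place a live SAM belongs. Accepts either slash style so it can be used on
    paths copied from Windows while running the scan elsewhere."""
    parts = path.replace("\\", "/").lower().split("/")
    return len(parts) >= 3 and parts[-3:-1] == ["system32", "config"]


def find_sam_copies(roots):
    """Return sorted (path, is_stray) pairs for every SAM-like file under roots."""
    hits = []
    for root in roots:
        for dirpath, _dirnames, filenames in os.walk(root):
            for name in filenames:
                if name.lower() in SAM_NAMES:
                    full = os.path.join(dirpath, name)
                    hits.append((full, not is_canonical(full)))
    return sorted(hits)


def stray_sam_copies(roots):
    """Just the paths an admin should delete (or at least rotate passwords over)."""
    return [path for path, stray in find_sam_copies(roots) if stray]


def build_sample_tree(base: str) -> str:
    """Constructed sample layout: a live SAM where it belongs, a stray compressed
    copy in REPAIR (the situation from the post), and an unrelated file."""
    layout = {
        os.path.join("WINNT", "system32", "config", "SAM"): b"regf",
        os.path.join("REPAIR", "sam._"): b"compressed hive copy",
        os.path.join("Documents", "notes.txt"): b"nothing here",
    }
    for rel, data in layout.items():
        full = os.path.join(base, rel)
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "wb") as fh:
            fh.write(data)
    return base


def demo():
    """Scan the constructed tree; returns stray copies as forward-slash relative paths."""
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        return [os.path.relpath(p, tmp).replace(os.sep, "/") for p in stray_sam_copies([tmp])]


if __name__ == "__main__":
    for rel in demo():
        print("stray SAM copy:", rel)
```

Run it against `C:\` (as an administrator, so the scan can actually enter the directories) after any imaging or repair work; the same rule also catches copies people stash in their home directories, which is the other half of this story.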

Basically, what all this means is that someone ran a repair disk on the ghost machine (the master hard drive whose image was copied to every other hard drive in every other computer in the room), didn't delete the repair directory, and may or may not have changed the passwords. SEEING AS HOW I NEVER EVEN CRACKED THE FILE, I WOULDN'T KNOW THAT! Ahem. Anyway.

So I copied this SAM file into a directory marked "nerdy stuff". I like nerdy stuff, including math and computer security. I knew there wouldn't be any network accounts in it, and I assumed that the passwords would probably be changed anyway. I didn't want to crack it.

Part II comes tomorrow.
