參考 http://www.answerbag.com/q_view/1226369
SAM File - Holds the user names and password hashes for every account
on the local machine, or domain if it is a domain controller. Simple
enough wouldn't you say?
§ Where do I find the SAM/Hashes?
You can find what you're looking for in several locations on a given machine.
It can be found on the hard drive in the folder
%systemroot%system32config. However this folder is locked to all
accounts including Administrator while the machine is running. The only
account that can access the SAM file during operation is the "System"
account.
You may also be able to find the SAM file stored in %systemroot% epair
if the NT Repair Disk Utility a.k.a. rdisk has been run and the
Administrator has not removed the backed up SAM file.
The final location of the SAM or corresponding hashes can be found in
the registry. It can be found under HKEY_LOCAL_MACHINESAM. This is also
locked to all users, including Administrator, while the machine is in
use.
So the three locations of the SAMHashes are:
- %systemroot%system32config
- %systemroot% epair (but only if rdisk has been run)
- In the registry under HKEY_LOCAL_MACHINESAM
留言列表
Window (2)
