SAM file Hash Cracking with Cain n Abel | Lucideus Research

About SAM
SAM stands for “Security Account Manager”. It is a database file in Windows XP, Windows Vista, Windows 7, Windows 8.1 and Windows 10 that stores users’ passwords. It stores each password as a hash value, which is not a readable form.
Location:-  C:\Windows\System32\config

About Cain & Abel
Cain & Abel (GUI based) is a password recovery tool for Microsoft operating systems. It allows recovery of several kinds of passwords by sniffing the network, cracking encrypted passwords using dictionary, brute-force and cryptanalysis attacks, recording VoIP conversations, decoding scrambled passwords, recovering wireless network keys, and more.
Download link:-  http://cain_abel.en.downloadastro.com/

Lab Environment
Operating system:- Windows 7
Tool:- Cain & Abel v4.9.35

Proof Of Concept
Step 1: Before opening Cain & Abel, we first have to turn off all the security checks (firewall, antivirus, Windows Defender, etc.). I turned off only the firewall because it is the only one of these enabled on my OS.



Step 2: After installing and setting up Cain & Abel, we get its UI.


Step 3: Then click on the Cracker submenu. After clicking, we get the following view.


Right-click on the plain area.
Then click on “Add to list”.

Check the radio button “Import hashes from local system”.



Then click on Next.

Step 4: After clicking on Next, you will get all the users of that operating system. Here we can see that there are three user accounts in the operating system, and only one has a cross sign, which means this account is protected with a password. The password is in the SAM file in the form of a hash value, which is what we have to crack.


Step 5: Right-click on the user “kartik saxena”, whose password we have to crack. Then click on brute-force attack (a trial-and-error method used by application programs to decode encrypted data).


Then choose NTLM hash.


Step 6: You will then get a window like this, with some settings that we have to set according to the pattern in which we want to attack.


Step 7: We have to set some settings.

  • Predefined (the character set to try: a combination of numbers, alphabets, special characters).
  • Min (the minimum number of characters, from which the attack starts).
  • Max (the maximum number of characters, at which the attack finishes).
  • Then click Start.
Step 8: We set Predefined to “0123456789”.
  • Min “10”.
  • Max “10”.
  • Then click on Start.
  • The brute force will start.
  • After some time it will crack the hash value and give the password of the user.
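
To see why the Step 8 settings finish in a short time, the following added example (not part of the original post or of Cain & Abel) counts the candidates for a given Predefined/Min/Max choice and checks whether a password falls inside a small search space. The character-class grouping, the function names, the sample passwords and the guess rate are assumptions of this example.

```python
import string

# Character classes matching the kinds the Predefined setting combines
# (numbers, alphabets, special characters); this grouping is an assumption.
CLASSES = (string.digits, string.ascii_lowercase,
           string.ascii_uppercase, string.punctuation)


def keyspace(n_chars, min_len, max_len):
    """Candidates an exhaustive search covers for lengths min_len..max_len."""
    return sum(n_chars ** n for n in range(min_len, max_len + 1))


def exhaust_seconds(n_chars, min_len, max_len, guesses_per_second):
    """Worst-case time to try every candidate at an assumed guess rate."""
    return keyspace(n_chars, min_len, max_len) / guesses_per_second


def charset_size(password):
    """Size of the smallest union of CLASSES that contains the password."""
    size = sum(len(cls) for cls in CLASSES if any(c in cls for c in password))
    # Characters outside every class count once each (a conservative lower bound).
    size += len({c for c in password if not any(c in cls for cls in CLASSES)})
    return size


def audit_password(password, guesses_per_second, min_seconds):
    """True if exhausting lengths 1..len(password) takes at least min_seconds."""
    if not password:
        return False
    needed = exhaust_seconds(charset_size(password), 1, len(password),
                             guesses_per_second)
    return needed >= min_seconds


if __name__ == "__main__":
    RATE = 1e9            # assumed guesses per second, not a measured figure
    YEAR = 365 * 24 * 3600
    # Step 8 settings: Predefined "0123456789", Min 10, Max 10.
    print(keyspace(10, 10, 10), "candidates,",
          exhaust_seconds(10, 10, 10, RATE), "seconds at the assumed rate")
    # Constructed sample passwords for a policy check.
    for pw in ("9876543210", "Abc123!xQw9#Lm"):
        print(pw, "passes" if audit_password(pw, RATE, YEAR) else "fails")
```

A password-setting policy can call `audit_password` with its own rate and time threshold to reject passwords that sit in a digits-only or otherwise small search space.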



1 Comments

  1. Use an online NTLM decryptor to decode the NTLM hash: https://hashkiller.co.uk/ntlm-decrypter.aspx. A seconds' job, as opposed to brute force, which is time consuming.