• Adding a New User
• Setting Windows Security
• Creating and Viewing Logs
• Viewing Systems Information
• Disk Management and Services
• Setting Network Properties
• Passwords
  • Password hashes are kept in a security database (SAM - security account manager) in \Windows-directory\system32\config\SAM; file is locked when NT is running
  • Copy of password file is copied into the Windows-directory\repair folder
  • NT uses two hash algorithms to encrypt passwords
    • NT hash - password converted to Unicode and then run through MD4 hash algorithm to obtain a 16-byte value
    • LAN Manager hash - password padded with 0's up to length of 14 characters, converted to uppercase, split into two 7-character pieces. Each half is encrypted using 8-byte DES (data encryption standard) keys. Result is combined into a 16-byte, one-way hash value.
  • Passwords are not randomized with a salt value (hence you only have to crack the same password for two users once)

Please mail any comments about this page to summers_wayne@ColumbusState.edu