Security Accounts Manager - Related Attacks

Related Attacks

In Windows NT 3.51, NT 4.0 and 2000, an attack was devised to bypass the local authentication system. If the SAM file is deleted from the hard drive (e.g. mounting the Windows OS volume into an alternate operating system), the attacker could log in as any account with no password. This flaw was corrected with Windows XP, which shows an error message and shuts down the computer. However there exist recently developed software utilities which, by the aforementioned methodology of using either an emulated virtual drive, or boot disk (usually Unix/Linux) based environment to mount the local drive housing the active NTFS partition, and using programmed software routines and function calls from within assigned memory stacks to isolate the SAM file from the Windows NT system installation directory structure (default: c:\windows\system32\config) and, depending on the particular software utility being used, remove the password hashes stored for user accounts in their entirety, or in some cases, modify the user account passwords directly from this environment.

This software has both a highly pragmatic and beneficial use as a password clearing or account recovering utility for individuals who have lost or forgotten their windows account passwords, as well as a possible use as a malicious software security bypassing utility. Essentially granting a user with enough ability, experience, and familiarity with both the cracking utility software and the security routines of the Windows NT kernel (as well as offline and immediate local access to the target computer) the capability to entirely bypass/remove the windows account passwords from a potential target computer. Only recently, Microsoft released a utility called LockSmith, which is part of MSDart. MSDart is not freely available to end-users, however.

This article is based on material taken from the Free On-line Dictionary of Computing prior to 1 November 2008 and incorporated under the "relicensing" terms of the GFDL, version 1.3 or later. ........):)

Microsoft Windows components

Management tools	Backup and Restore Center Command Prompt Control Panel Applets Device Manager Disk Cleanup Disk Defragmenter Driver Verifier Event Viewer IExpress Management Console Netsh Problem Reports and Solutions Recovery Console Resource Monitor ScanDisk ‎Sysprep System Configuration System File Checker System Policy Editor System Restore Task Manager Windows Easy Transfer Windows Installer Windows PowerShell Windows Update WinPE WinRE WinSAT WMI

Applications	Calculator Character Map Contacts DVD Maker Fax and Scan Internet Explorer Journal Magnifier Media Center Media Player Mobile Device Center Mobility Center Narrator Notepad Paint Private Character Editor Remote Assistance Snipping Tool Sound Recorder Speech Recognition Store Tablet PC Input Panel Windows Desktop Gadgets Windows Photo Viewer Windows To Go WordPad

Games	3D Pinball for Windows - Space Cadet Chess Titans FreeCell Hearts Hold 'Em Hover! InkBall Mahjong Titans Tinker Minesweeper Purble Place Reversi Solitaire Spider Solitaire

Shell	Aero AutoPlay AutoRun ClearType Explorer Search IFilter Saved search Namespace Special folders Start menu Taskbar

Services	Service Control Manager BITS CLFS Multimedia Class Scheduler Shadow Copy Task Scheduler Error Reporting Wireless Zero Configuration

File systems	CDFS DFS exFAT IFS FAT FAT12 FAT16 FAT32 NTFS Hard link Junction point Mount Point Reparse point Symbolic link TxF EFS ReFS UDF WinFS

Server	Domains Active Directory DNS Group Policy Roaming user profiles Folder redirection Distributed Transaction Coordinator MSMQ Windows Media Services Rights Management Services IIS Remote Desktop Services WSUS Windows SharePoint Services Network Access Protection PWS DFS Replication Remote Differential Compression Print Services for UNIX Remote Installation Services Windows Deployment Services System Resource Manager Hyper-V

Architecture	Architecture of Windows NT Object Manager Startup process Vista/7 I/O request packet Kernel Transaction Manager Logical Disk Manager Security Accounts Manager Windows File Protection / Windows Resource Protection Microsoft Windows library files LSASS CSRSS SMSS MinWin Desktop Window Manager Graphics Device Interface Server Message Block Shadow Copy Registry DLL EXE Imaging Format Open XML Paper Specification Windows USER Win32 console Ntoskrnl.exe hal.dll System Idle Process NTLDR / Boot Manager Winlogon I/O

Security	Action Center BitLocker Data Execution Prevention Kernel Patch Protection Mandatory Integrity Control Protected Media Path User Account Control User Interface Privilege Isolation Windows Defender Windows Firewall

Compatibility	COMMAND.COM Windows Services for UNIX POSIX subsystem Interix Virtual DOS machine Windows on Windows WoW64

API	Active Scripting WSH VBScript JScript COM ActiveX ActiveX Document COM Structured storage DCOM OLE OLE Automation Transaction Server DirectX .NET Framework

Related software	IEAK MDOP MDT Microsoft Plus! WAIK Windows Virtual PC

Read more about this topic: Security Accounts Manager

Famous quotes containing the words related and/or attacks:

“So-called “austerity,” the stoic injunction, is the path towards universal destruction. It is the old, the fatal, competitive path. “Pull in your belt” is a slogan closely related to “gird up your loins,” or the guns-butter metaphor.”
—Wyndham Lewis (1882–1957)

“I find that with me low spirits and feeble health come and go together. The last two or three months I have had frequent attacks of the blues. They generally are upon me or within me when I am somewhat out of order in bowels, throat, or head.”
—Rutherford Birchard Hayes (1822–1893)