Loading password hashes from registry and Active Directory

Windows Password Recovery - loading hashes from registry and Active Directory

 


Import hashes from binary files. Windows Password Recovery can extract password hashes directly from binary files, even those that are currently in use by the system (i.e. locked).

Normally, password hashes are stored in the SAM registry file, which resides in the '%WINDOWS%\System32\Config' folder. The same folder contains the SYSTEM registry file, which is necessary for the recovery. If you specify the path to the registry of the current system, parsing it will take a bit longer (normally by a few seconds).

Password hashes for domain accounts are stored in the Active Directory database or, to be more specific, in the very heart of it: the ntds.dit file, which resides in the '%Windows%\ntds' folder. The recovery of domain accounts also requires the SYSTEM registry file. Be careful! Dumping from the current system's Active Directory database may take some time, especially when ntds.dit is of a considerable size.

The program supports all the SYSKEY encryption options: Registry SYSKEY, SYSKEY startup diskette, SYSKEY startup password.

If you are copying the files from another system, besides the SAM (ntds.dit) and SYSTEM files, it is also highly recommended to copy the SECURITY and SOFTWARE registry files (they should be located in the same folder as the SYSTEM file); that would allow you to recover the passwords to some user accounts more quickly.
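Seen from the defender's side, the file pairing described above (SAM or ntds.dit is only usable together with SYSTEM) makes a practical correlation rule for file-access audit logs. The following Python is an added example, not part of Windows Password Recovery; the event fields (`host`, `process`, `path`), the allowlist of expected processes and the sample records are constructed assumptions.

```python
from collections import defaultdict
from pathlib import PureWindowsPath

# Trailing path components of the files named on this page, with a short label.
SENSITIVE = {
    ("system32", "config", "sam"): "SAM",
    ("system32", "config", "system"): "SYSTEM",
    ("system32", "config", "security"): "SECURITY",
    ("system32", "config", "software"): "SOFTWARE",
    ("ntds", "ntds.dit"): "NTDS",
}
# Assumption: processes expected to hold these files open on a healthy host.
EXPECTED = {"system", "lsass.exe"}

def classify(path):
    """Return the label of a sensitive file, or None for any other path."""
    parts = tuple(p.lower() for p in PureWindowsPath(path).parts)
    for suffix, label in SENSITIVE.items():
        if parts[-len(suffix):] == suffix:
            return label
    return None

def find_hash_store_reads(events, expected=EXPECTED):
    """Flag (host, process) pairs that read SYSTEM plus SAM or ntds.dit."""
    seen = defaultdict(set)
    for ev in events:
        proc = PureWindowsPath(ev["process"]).name.lower()
        label = classify(ev["path"])
        if label and proc not in expected:
            seen[(ev["host"], proc)].add(label)
    # A hash store alone is unusable without SYSTEM, so require the pair;
    # single-file reads are left to a separate, lower-severity rule.
    return {key: sorted(labels) for key, labels in seen.items()
            if "SYSTEM" in labels and labels & {"SAM", "NTDS"}}

# Constructed sample records (hypothetical hosts and process names).
SAMPLE = [
    {"host": "DC01", "process": r"C:\Windows\System32\lsass.exe", "path": r"C:\Windows\NTDS\ntds.dit"},
    {"host": "DC01", "process": r"C:\Temp\tool.exe", "path": r"C:\Windows\NTDS\ntds.dit"},
    {"host": "DC01", "process": r"C:\Temp\tool.exe", "path": r"C:\Windows\System32\config\SYSTEM"},
    {"host": "DC01", "process": r"C:\Temp\tool.exe", "path": r"C:\Windows\System32\config\SECURITY"},
    {"host": "WS07", "process": r"C:\Apps\backup.exe", "path": r"C:\Windows\System32\config\SOFTWARE"},
    {"host": "WS07", "process": r"C:\Users\Public\x.exe", "path": r"C:\Windows\System32\config\SAM"},
]

if __name__ == "__main__":
    for (host, proc), labels in find_hash_store_reads(SAMPLE).items():
        print(f"ALERT {host} {proc} read {', '.join(labels)}")
```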

Using additional options you can:

  • Turn password history parsing on or off. Turning off history loading will speed up database processing. On the other hand, when attacking hashes, guessing history passwords may give a clue to the password for the primary account the hashes belong to.
  • Discard loading machine accounts (those whose names end with the $ character).
  • Switch on/off the instant check for plaintext passwords, BitLocker backup keys and other sensitive information.