Home > Products > Windows Passwords > Windows Password Recovery > Screenshots > Loading hashes
Loading pasword hashes into the program
29.10.2020
Windows Password Recovery v13.1
Support for TPM in Windows Hello credentials explorer
22.09.2020
Wireless Password Recovery v6.3.0
Support for NVidia 3xxx GPUs
21.08.2020
Reset Windows Password v9.8
Enhanced password recovery and password lookup algorithms
07.08.2020
Wireless Password Recovery v6.2.9
Security issue fix

Articles and video

You may find it helpful to read our articles on Windows security and password recovery examples. Video section contains a number of movies about our programs in action

Windows Password Recovery - loading password hashes

 

User passwords in Windows systems are converted to special values - hashes. Hashes have a fixed size - 16 bytes - and can be stored in two repositories: SAM - for the regular accounts, SECURITY- for domain cached credentials, and Active Directory - for domain accounts.

The regular accounts that contain a username, password, and other auxiliary information are stored in the Windows NT registry; precisely, in the SAM (Security Account Manager) file. That file is located on the hard disk, in %windows%\system32\config. For example, ะก:\Windows\System32\Config\SAM.

Another way to access the SAM file is to launch a special program from a boot disk and then copy the file. Anyway, you need physical access to the target computer.
User passwords or, to be accurate, hashes are additionally encrypted with the SYSKEY utility, which stores its service data in the SYSTEM registry file. Thus, to extract hashes from SAM, you would also need the SYSTEM file, which is located in the same folder as SAM, and optional SECURITY file.

 Domain accounts are stored in the Active Directory database. Usually, the Active Directory database is located in the file %Windows%\ntds\NTDS.DIT. The way user hashes are encrypted here is a bit different than that is in SAM, but the recovery would also require the SYSTEM file.

The program also has full support for domain cached credentials. Loading cached hashes is pretty much the same as if loading regular SAM passwords, except that the hashes located in SECURITY registry file.

There are several ways of loading hashes into Windows Password Recovery.

 


Import local hashes

Load hashes of the local computer.
More information...
read hashes of the local PC


Import hashes from binary files

Read SAM, SECURITY, or NTDS.DIT hashes.
More information...
Read hashes from registry or Active Directory


Import hashes from system restore folders

Extract password hashes from system restore/repair/backup folders or from volume shadow copies.
More information...
Import hashes from system restore folders


Import hashes from project/text files

Load hashes into the program by importing them from other projects/applications.
More information...
Load hashes from other projects