Passwords of Windows users are stored in the SAM file (Security Access Management, maybe). Let me digress, 'I am Sam' is a very good movie. Also, I am SAM, Super as Master, if ever you ask Gugu. I am Gugu's Super Master, so I am SAM and GSM.
Now, back to the topic. The SAM file is located in Windows/System32/Config, and is named as SAM, of course. No file extension, just SAM. Passwords stored in the SAM are encrypted, or 'hashed', and are referred to as NT Hashes. While Windows is running, the SAM file cannot be copied, it is locked by the OS.
There is another location of the password hashes, in the Registry under HKEY_LOCAL_MACHINESAM, but this is also locked. A third possible location is on Windows/repair, but the passwords here may already have been replaced by new ones.
The process of getting the password from the hashes is called 'password cracking'. Like when you break something, it usually cracks. Cocaine is also called crack. The sexy part of human anatomy is also called crack. Gugu is interested in crack. That is why I like crack. I digressed again.
Again, to the topic. The more difficult part in password cracking is getting the SAM file which contains the NT hashes of the user passwords. The easiest way to get the SAM file is to boot the machine using a different OS, from the floppy drive, the USB drive, or the CD drive. Issues to be addressed in booting is the file system of the HD (most probably NTFS), and the size of the file.
After booting (using another OS), copy the SAM and SYSTEM files to another location (floppy, another folder in the HD, or another computer in the network). The SYSTEM file is another file located in the same folder with SAM (Windows/System32/config), and we will need it to crack SAM.
The SAM and SYSTEM files may then be read by a password cracker. We have used SAMINSIDE and PPA (Proactive Password Auditor).
