Program: SAMInside
Version: 2.1 (New)
Size: 24 kB
Language: C++/Assembler
Price: 40$

Attention! This program can be used only for recovering your own forgotten passwords!
The program SAMInside executes the follow functions: SAMInside is the first program in the world, which breaks the defense of Syskey!

New (2.1) version of the program includes additionally the following abilities: Also the program code was greatly optimized and now the size of executable file became only 24kB!

SAMInside makes the brute-forcing attack more than 2 times faster, than the programs-analogs. This is because the program has been written on Assembler language, and there was made the code optimisation for the modern processors, and also there was implemented some artful tricks in realization of the brute-forcing algorithm, then it has been let to increase the speed of brute-forcing.

For example, while the brute-forcing of passwords to LMHash on computer with Intel Pentium III-1000 processor, the program shows speed near 3 millions passwords/sec, and to NTHash near 4,4 millions passwords/sec. The speed of brute-forcing of passwords to LMHash on the AMD AthlonXP 1700+ processor near 5,4 millions passwords/sec, and to NTHash near 3,9 millions passwords/sec.

The program works under all of OS Windows (from Win'95 to XP) and requires for the work any processor from the line of x86, not older than Pentium (or AMD K6-II), and necessarily with MMX support.

In the program was implemented the unique mode of brute-forcing of all, imported in program, users at a time, working with which, gives us the increasing of the speed else on the hundreds of percents, comparing to programs-analogs.

Else one great difference of the program from the analogs is that, it more correctly "extracts" the usernames and the users hashes from SAM-files of Windows'2000/XP, and also in national codepages.

In the new version appeared ability to import into the program the LMHash/NTHash for recovering, got from different sources (SAM-files, text files from another programs (L0phtCrack, pwdump and so on), SAM-file, used by the system etc.), what gives us the ability to get more quick and efficient brute-forcing.
For example, if you have 10 different SAM-files and every of them has only one account in it, then, if you opens every file separately, you will got the speed 3 millions on Intel Pentium III-1000 for every account. If you imports into the program ALL SAM-files together, then you will found all passwords with the same speed! So on, you will spend 10 times less of the time for recovering of all passwords!

Working with the program: Additional functions of the program: The limits of Demo-version:

You can't use another alphabet for brute-forcing (digits, special symbols and so on), except latin letters. Also tou can't use vocabulary. So on, the Demo-version of the program is full-functionally near 95%!

FAQ:

Q: What is this: the SAM-files, what for are they need, and where I can get them?
A: The SAM-file - is the file, which has the name - sam. It is the branch of the registry "HKEY_LOCAL_MACHINE\SAM" of WindowsNT/2000/XP in binary form. SAM-file is placed in directory C:\WINNT\System32\Config\ and there are stored the accounts (login/passwords) of users of this computer.

Q: I tries to open my SAM-file, placed in directory C:\WINNT\System32\Config\, but the program SAMInside can't read it. Why?
A: It is because the files in this directory (sam, system, software and others without extensions) - is the fragments of the Windows registry and OS by default doesn't give nobody the access to them, even for the read. To copy this files, you may boot in other OS, or boot from diskette. Ability to access to the current SAM-file without its copying already added in 2.1 version of the program, for this choose "Import local machine SAM" from menu, and you must to have Administrator rights. If you wish to test the program, then you can use files sam and system from directories C:\WINNT\Repair\ and C:\WINNT\Repair\RegBack\.

Q: I have password 8(9,10...) symbols length, but if I tries to set starting password more than 7 symbols, the LM-recovering doesn't start, or program ends to recover all of 7-symbols passwords and tell us, that recovering is end. Why? I have the longer password?
A: Let's talk about forming LMHash in Windows. The system takes password, converts it to upper case, cuts off it to 14 symbols, then divides it into 2 halfes, every of 7 symbols and encrypts them separately. Therefore, while searching password (for example, "123456789") the program finds it by halfes - first of all "89" (because it is shorter), then - "1234567". Therefore the length of starting password is limited to 7 symbols.

Q: I have short NT-password (LM-password absent), consists from latin symbols, but the program doesn't find it, why? (Note: the alphabet consists from UPPER case symbols).
A: It is because, the Windows always converts LM-password in upper case (i.e. while encrypting different passwords "Admin", "ADMIN" and "aDmIn" it will be one LMHash, you may to test it, using function of the program, which generates hashes), but NT-password is case-sensitive and all shown above passwords will have different NTHash. Therefore, while recovering NT-password you must use different alphabets, consists of upper and of lower case symbols!