Check windows passwords

Question

bops 1 Posting Whiz in Training

17 Years Ago

Hey, I want to write a function with the following signature -

BOOL checkPassword( char * input );

In this function I want to be able to check this password against the stored windows password in the SAM database. I'm completely new to this idea, so I would like to read up on the documentation of SAM, any API's that exist that would assist me in accessing it, and which encryption methods are used in the database so that I could apply it to my input and check against the password entry.

Thanks.

c

Edited 11 Years Ago by diafol because: fixed formatting

3 Contributors
7 Replies
104 Views
3 Days Discussion Span
Latest Post 17 Years Ago Latest Post by Ancient Dragon

Bench 212 Posting Pro

17 Years Ago

That would probably be a password cracker's dream come true. Seriously, do you really think there's going to be an easy way to access encrypted Windows passwords like that?

(I am aware of programs which do this, but only by re-starting the computer and using a linux boot CD to bypass all the usual windows security stuff)

Ancient Dragon 5,243 Achieved Level 70

17 Years Ago

To check a password on MS-Windows os all you have to do is attempt to log in with the user name and password -- there are win32 api functions that allow programs to do that, assuming it has appropriate permissions first.

Reply to this topic

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.

bops 1 Posting Whiz in Training · Answer 1 · 2007-08-31T22:46:51+00:00

Yeah, I'm not after password cracking or anything, I simply want to be able to check if a password entered in my application matches the one for the currently logged on user.

Which API's would be used for this then Ancient Dragon?

Thanks.

Ancient Dragon 5,243 Achieved Level 70 Team Colleague Featured Poster · Answer 2 · 2007-09-01T02:50:38+00:00

Ancient Dragon 5,243 Achieved Level 70

17 Years Ago

read this article, especially the fourth paragraph.

Bench commented: Good link +4

Bench 212 Posting Pro · Answer 3 · 2007-09-01T19:00:00+00:00

Ah ok, sorry I misunderstood the original post - I thought you were after something that would allow reading the contents of the windows password files.

bops 1 Posting Whiz in Training · Answer 4 · 2007-09-01T20:26:10+00:00

Just what I was looking for thanks.

But is there anything you can use when you don't have such permissions, i.e.

the user of which you would like to impersonate is already logged on already and can therefore enter their password to confirm authorization?

Ancient Dragon 5,243 Achieved Level 70 Team Colleague Featured Poster · Answer 5 · 2007-09-03T06:51:27+00:00

Just what I was looking for thanks.
But is there anything you can use when you don't have such permissions, i.e.

The program must be running as administrator, then it will have permissions.

the user of which you would like to impersonate is already logged on already and can therefore enter their password to confirm authorization?

Doesn't matter if the user is already logged in. You can log in as many times as you want.