Some of its outstanding features include:
? The program has small footprint, it doesn't require the installation and can be run from a diskette, CD/DVD-disk or USB-drive.
? Includes over 10 types of data import and 6 types of password attack:
? Brute-force attack
? Distributed attack
? Mask attack
? Dictionary attack
? Hybrid attack
? Pre-calculated tables attack
? Top-speed performance on any CPU, since the recovery code completely written in Assembler.
? The application understands national character sets and properly displays non-latin Windows NT/2000/XP/2003/Vista user names and passwords.
SAMInside data import features include:
"Import SAM and SYSTEM Registry Files" ? the importing of user data from SAM registry file. If the imported SAM file is additionally encrypted by SYSKEY (enabled by default in Windows 2000/XP/2003/Vista), the program will also need the SYSTEM Windows registry file, located at the same Windows directory, where SAM file was ? %SystemRoot%\System32\Config. Copies of these files may be also found in the %SystemRoot%\Repair and %SystemRoot%\Repair\RegBack folders. (Note: %SystemRoot% is the system folder of Windows OS; commonly C:\WINDOWS or C:\WINNT).
"Import SAM Registry and SYSKEY File" ? the importing of user data from SAM Windows registry file using the file with the SYSKEY system key.
"Import from PWDUMP File" ? the importing of user data from text file of the PWDUMP format. You can find sample files with users in the SAMInside archive.
"Import from *.LC File" ? the importing of user data from files created with L0phtCrack.
"Import from *.LCP File" ? the importing of user data from files created with LC 4 and LC 5.
"Import from *.LCS File" ? the importing of user data from files created with LC4 and LC5.
"Import from *.HDT File" ? the importing of user data from projects created with Proactive Windows Security Explorer and Proactive Password Auditor.
"Import from *.LST File" ? the importing of user data from LMNT.LST files created with Cain&Abel.
"Import Local Users ..." ? the importing of local user data (to do that, run the program with Administrator privileges). The program uses the following methods of obtaining local users:
" ... via LSASS" ? importing local user data using a connection to the LSASS process.
" ... via Scheduler" ? importing local user data using the Scheduler system utility.
The program also lets adding users with known LM/NT hashes through the dialog box (Alt Ins).
The peak user number the application is capable of serving to is 65536.
SAMInside export features include:
"Export Users to PWDUMP File" ? the exporting of all user records to a text file in the PWDUMP format. You can then open the produced file in any passwords recovery program.
"Export Selected Users to PWDUMP File" ? the exporting of selected user records to a text file in the PWDUMP format.
"Export Found Passwords" ? the exporting of found passwords in the "User name:Password" format.
"Export Statistics" ? the exporting of current program statistics to a text file.
"Export Users to HTML" ? the exporting of users to a HTML file.
This type of attack is the exhaustive search of all possible password values.
Brute-force attack also includes the distributed attack. This type of attack allows using multiple computers for the recovery of passwords, distributing the recovery calculation load among them. This type of attack takes off automatically when user provides more than one computer for facilitating the attack. At the same time, the range selection feature becomes available for the current computer. So, to start a distributed attack, you'd have to:
1. Run this program on several computers.
2. Choose how many computers are to facilitate the attack.
3. Set the same attack options on all computers that are to facilitate the attack.
4. Choose an individual passwords attack range for each of the computers.
5. Launch brute-force attack on all computers.
This type of password attack is used when user possesses partial information about the lost password. For example:
? Password begins with the "12345" character combination.
? First 4 characters of the password are numbers, others are letters.
? Password has 10-character length, and there's the "admin" character string in the middle of the password.
? And so on.
Mask attack settings allow creating a mask for passwords to be attacked and setting the overall length of passwords to be processed. The following mask setting can be provided: if you don't know the N-th character of the password, then set the N-th checkbox of the mask and choose the mask for this character in the corresponding entry field. If you know any character of the password, enter it to the N-th entry field and switch off the corresponding mask checkbox.
The application uses the following masks:
? ? any printable character (ASCII-codes 32...255).
A ? any upper-case Latin character (A...Z).
a ? any lower-case small Latin (a...z).
S ? any special character (!@#...).
N ? any number (0...9).
1...8 ? any character from a custom character set; you may define up to 8 custom sets.