Default System Password Database Locations
Written by Editor on April 27, 2009
Most systems that employ a user management system have a default location for storing the username and password database which it will use as the base for validation requests. In many cases these databases can be read and the username and password database files copied and taken offline to recover the passwords of other users and administrators.
The following list is the default locations for the files that contain the username and password details for Windows and Unix variants, firstly Windows.
Windows Version | Location |
| Windows 9x | %SystemRoot%\user.pwl |
| Windows NT/2000/XP | %SystemRoot%\system32\config\SAM or %SystemRoot%\repair\SAM._ |
For Unix variants including Linux. The token field specifies the token usually used to identify that the account is disabled.
UNIX System | Path | Token |
| AIX | /etc/security/passwd or /tcb/auth/files// | ! or # |
| A/UX 3.Os | /tcb/files/auth/* | * |
| BSD | /etc/master.passwd | * |
| ConvexOS 10 | /etc/shadpw | * |
| Convex0S 11 | /etc/shadow | * |
| DG/UX | /etc/tcb/aa/user | * |
| EP/IX | /etc/shadow | x |
| HP-UX | /.secure/etc/passwd | * |
| IRIX | /etc/shadow | x |
| Linux | /etc/shadow | * |
| OSF/1 | /etc/passwd[.dir|.pag] | * |
| SCO UNIX #.2.x | /tcb/auth/files// | * |
| SunOS 4.1+c2 | /etc/security/passwd.adjunct | ## |
| SunOS 5.x (Solaris 2.x) | /etc/shadow | |
| System V 4.0 | /etc/shadow | x |
| System V 4.2 | /etc/security/* database | |
| Ultrix 4 | /etc/auth[.dir|.pag] | * |
| UNICOS | /etc/udb | * |
| Mac OS X 10.x | execute command "nidump passwd /" | * |