Metasploit mailing list archives
hashdump problems
From: <stevekg () cox net>
Date: Thu, 27 Jan 2011 17:31:21 -0800
When we execute the Meterpreter script "run hashdump" on a compromised Windows XP and on a Windows 7. The HASH results are different even though the same account (e.g. local Administrator) has the same password. For example, the password "pass-w0rd" will have the following values on Windows XP: a824903ef6ab871802657a8d8ef025e2:fac374e2461f3e432 cd4c560dd183671 which can be easily cracked using the Rainbow table. However, the hash value returned from the Windows 7 seem random on different Win 7 systems, for example, the following hash value is returned from running the "run hashdump" script on one of our Win 7 system and can no longer be cracked by the Rainbow table even though it is the same password: be7248be0caf22327a7798efba346fb7:1a9d81b177c19a206 5eaee8cbe9689ce My question is, does Win 7 system encrypt the hash so "run hashdum" can not return the correct value as the one on the Win XP system? _______________________________________________ https://mail.metasploit.com/mailman/listinfo/framework
Current thread:
- hashdump problems stevekg (Jan 27)
- Re: hashdump problems Terrence (Jan 27)
- Re: hashdump problems stevekg (Jan 27)
- Re: hashdump problems Lukas Kuzmiak (Jan 28)
- Re: hashdump problems stevekg (Jan 28)
- Re: hashdump problems stevekg (Jan 27)
- Re: hashdump problems Terrence (Jan 27)
- <Possible follow-ups>
- Re: hashdump problems stevekg (Jan 30)
- Re: hashdump problems Ty Miller (Jan 30)
- Re: hashdump problems Carlos Perez (Jan 30)