PaulDotCom mailing list archives
Cached Credentials in Windows 7?
From: Adrian Crenshaw <irongeek () irongeek com>
Date: Wed, 25 Aug 2010 15:35:44 -0400
Does anyone know if Windows 7 changed the way domain cached credentials are stored? I use to be able to use the cached dumper in Cain to dump these hashes and crack no problem. On Windows 7, the cahe dumper returns a value, but even when I put the know password into the dictionary, it can't seem to crack it. Also, any explanation on what kind of hash it is after you decrypt it with "NL$KM LSA"? Some places say it's NTLM, but it does not appear to be from what I'm seeing. Just want to get the details right for a class I'm teaching Saturday. Thanks for any info you can give me, Adrian
_______________________________________________ Pauldotcom mailing list Pauldotcom () mail pauldotcom com http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
Current thread:
- Cached Credentials in Windows 7? Adrian Crenshaw (Aug 25)