PaulDotCom mailing list archives

Cached Credentials in Windows 7?


From: Adrian Crenshaw <irongeek () irongeek com>
Date: Wed, 25 Aug 2010 15:35:44 -0400

      Does anyone know if Windows 7 changed the way domain cached
credentials are stored? I used to be able to use the cached dumper in Cain to
dump these hashes and crack no problem. On Windows 7, the cache dumper
returns a value, but even when I put the known password into the dictionary,
it can't seem to crack it. Also, any explanation on what kind of hash it is
after you decrypt it with "NL$KM LSA"? Some places say it's NTLM, but it
does not appear to be from what I'm seeing.

     Just want to get the details right for a class I'm teaching Saturday.

Thanks for any info you can give me,
Adrian