Re: Differences between MSCacheV1 and MSCacheV2

[Jeremy Pommerening <theaudioman () yahoo com>]

I use fgdump to get the hashed

Sent from my iPad

On Aug 14, 2011, at 10:48 AM, Adrian Crenshaw <irongeek () irongeek com> wrote:

> Hi all,
>    Ok, I've been Googling this up and found no answer. My statements in this email may also be wrong, so double 
> check. 
>
> On WIndows boxes in a domain, the last 10 passwords are saved (by default) as a hash on the local box in case 
> communications to the domain go down. The user name is used as a salt in these hashes. 
>
> Windows before Visa: uses MSCacheV1 (AKA Domain Cached Credentials)
> Windows Vista/7/2008: use MSCacheV2 
>
> Cain can now dump and crack both, but at 70 attempts per sec with Cain on a newer i7, it's kind of pointless. 
> Hashcat/cudaHashCat seems to be able to crack MSCacheV1 much faster than Cain, but only seems to support MSCacheV1 as 
> far as I can tell. Anyone know what the real differences in algorithm are between the two MSCache versions?
>
> As a side note: What do you use for dumping these hashes? I've been using Cain, but would love to hear if there is 
> something better.
>
> Thanks,
> Adrian
>
> -- 
> "The ability to quote is a serviceable substitute for wit." ~ W. Somerset Maugham
> _______________________________________________
> Pauldotcom mailing list
> Pauldotcom () mail pauldotcom com
> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> Main Web Site: http://pauldotcom.com
_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com