Cached Credentials in Windows 7?
From: Adrian Crenshaw <irongeek () irongeek com>
Date: Wed, 25 Aug 2010 15:35:44 -0400
Does anyone know if Windows 7 changed the way domain cached
credentials are stored? I used to be able to use the cached dumper in Cain to
dump these hashes and crack no problem. On Windows 7, the cache dumper
returns a value, but even when I put the known password into the dictionary,
it can't seem to crack it. Also, any explanation on what kind of hash it is
after you decrypt it with "NL$KM LSA"? Some places say it's NTLM, but it
does not appear to be from what I'm seeing.
Just want to get the details right for a class I'm teaching Saturday.
Thanks for any info you can give me,
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
Main Web Site: http://pauldotcom.com