PaulDotCom mailing list archives

Cached Credentials in Windows 7?
From: Adrian Crenshaw <irongeek () irongeek com>
Date: Wed, 25 Aug 2010 15:35:44 -0400

      Does anyone know if Windows 7 changed the way domain cached
credentials are stored? I used to be able to use the cached dumper in Cain to
dump these hashes and crack them, no problem. On Windows 7, the cache dumper
returns a value, but even when I put the known password into the dictionary,
it can't seem to crack it. Also, any explanation on what kind of hash it is
after you decrypt it with "NL$KM LSA"? Some places say it's NTLM, but it
does not appear to be from what I'm seeing.

     Just want to get the details right for a class I'm teaching Saturday.

Thanks for any info you can give me,
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
Main Web Site: http://pauldotcom.com
