Home page logo
/

pen-test logo Penetration Testing mailing list archives

Re: Where are Windows "Enforce password history" passwords stored?
From: email () securityfocus com, at () securityfocus com, neelsaxena () securityfocus com, dot () securityfocus com, com () securityfocus com
Date: 1 Sep 2005 15:43:54 -0000

I use pwdump with the password history patch to to obtain the hashes of passwords in history.

Cached logon credentials could be stored in HKLM\Security\Cache unless it has been diasbled. 

Password history hashes can be found in files located in SystemRoot%\system32\config

Proactive System Password Recovey tool has worked for me also: http://www.securityfocus.com/tools/category/10

------------------------------------------------------------------------------
Audit your website security with Acunetix Web Vulnerability Scanner: 

Hackers are concentrating their efforts on attacking applications on your 
website. Up to 75% of cyber attacks are launched on shopping carts, forms, 
login pages, dynamic content etc. Firewalls, SSL and locked-down servers are 
futile against web application hacking. Check your website for vulnerabilities 
to SQL injection, Cross site scripting and other web attacks before hackers do! 
Download Trial at:

http://www.securityfocus.com/sponsor/pen-test_050831
-------------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
  • Re: Where are Windows "Enforce password history" passwords stored? email (Sep 01)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault