More on windows cached password recovery

Nov 29th, 2006

Comments: 0
Category: Penetration Testing

More on windows cached password recovery

hmm looks like it’s not quite as bad as I thought it was. After a bit more reading on the subject, the windows cached password is not just an NTLM hash, it’s actually a salted hash, with the salt being the username.
So rainbow tables aren’t really a practical attack for this, although it’s interesting to note that there’s a John the ripper plug-in for cachedump now which enables you to do dictionary based/brute-force attacks on retrieved credentials

Add a comment

Your email address will not be shared or published. Required fields are marked *