Re: PASSWORD SECURITY ON DOMAIN CONTROLLER (PWDUMP)

Tech-Archive recommends: Repair Windows Errors & Optimize Windows Performance

---

• From: "Andrei Ungureanu" <contact me via www.itboard.ro>
• Date: Sat, 1 Jul 2006 20:20:49 +0300

---

it can be done. I have tested Cain&Abel and it can crack password hashes by
brute force (it is a very time consuming operations - I did some tests only
on a 4 char password).

--
Regards,
Andrei Ungureanu
www.eventid.net
Test our new EventReader!
http://www.altairtech.ca/eventreader/default2.asp?ref=au

"jabottt" <jabott9315@xxxxxxxxxxxxx> wrote in message
news:1151707477.836640.317220@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

thanks for the answer Andrei. Well then, I guess that it's almost
impossible to extract a user's password from a desktop on a network?


Andrei Ungureanu wrote:

yeap ... but it's pretty hard to do that.
There are some tools that can extract the hash from the cached
credentials
(stored in registry), but I don't think is exactly the hash of the
password,
I belive is a hash of the password hash.

--
Regards,
Andrei Ungureanu
www.eventid.net
Test our new EventReader!
http://www.altairtech.ca/eventreader/default2.asp?ref=au



"jabottt" <jabott9315@xxxxxxxxxxxxx> wrote in message
news:1151627526.826291.305030@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

Hi
I 'm trying to find out if it's possible to do the following on our
network:

1. Access a user's desktop by logging in as that user.

In order to do this, we need to know if we need to go to the domain
controller to extract the user's password hash.

We read somewhere that a salted version of the password is kept in a
password history cache on the desktop. Is this true? Does this mean
that the user's account can be compromised without touching the Domain
Controller?
Thanks
Jon

.

---

• References:
  • Re: PASSWORD SECURITY ON DOMAIN CONTROLLER (PWDUMP)
    • From: jabottt

• Prev by Date: Re: Restore Windows 2003 DNS from Active Directory NTDS.DIT
• Next by Date: Re: Please help me "sell" the idea of a more secure network
• Previous by thread: Re: PASSWORD SECURITY ON DOMAIN CONTROLLER (PWDUMP)
• Next by thread: Re: Problem with Windows 98SE client and printer
• Index(es):
  • Date
  • Thread

---

Relevant Pages Re: PASSWORD SECURITY ON DOMAIN CONTROLLER (PWDUMP) ... impossible to extract a user's password from a desktop on a network? ... Andrei Ungureanu wrote: ... There are some tools that can extract the hash from the cached credentials ... (microsoft.public.win2000.active_directory) Re: SignedXml.Signature.SignatureValue hash ... csharp, .net 2.0, VC 2005, for timestamping signatures with TSA. ... My problem is extract and get from SignedXml.Signature.SignatureValue ... I have spent lot of time on this, but cant see how extract hash from ... verify that signature of given hash is valid; ... (microsoft.public.dotnet.security) Text Parser Help Please ... a context and starts with the @ symbol. ... hash key for the task. ... I gues the best way might be to extract each marker assin it to a hash ... (comp.lang.ruby) Re: everybody hunt a lot, unless Genevieve screens photographers in spite of Fredericks boxing ... Hash: SHA1 ... We extract the integral fax. ... Get your boastfully loading corp down my track. ... (sci.crypt) Re: I dont know where to start with this one. ... fancy to extract the addresses. ... wishing to see whether an entry in the hash has more than one address, ... Stonehenge Perl Training ... (perl.beginners)

---

• Windows
• Science
• Usenet

• Archive
• About
• Privacy
• Search
• Imprint

www.tech-archive.net  > Archive  > Win2000  > microsoft.public.win2000.active_directory  > 2006-07