DefaultPassword in SECURITY Hive

General (Technical, Procedural, Software, Hardware etc.)

1 Posts

1 Users

0 Reactions

499 Views

RSS

twjolson

(@twjolson)

Honorable Member

Joined: 17 years ago

Posts: 417

Topic starter 12/06/2012 12:20 am

Hello,

I am working a case that had a psuedo-domain created by an Actiontec Modem (I think).

I heard that the SECURITY hive caches domain passwords, so I put that in PRTK.

It only detected a DefaultPassword, which it cracked.

What is this? I thought the password for autologin was in the Software hive?

The Software hive contains DefaultUserName, but no DefaultPassword.

Can anyone shed some more light on this? Researching online (and testing against my machine) did not clear anything up.

Quote

Forum Icons: Forum contains no unread posts Forum contains unread posts

Topic Icons: Not Replied Replied Active Hot Sticky Unapproved Solved Private Closed