Forums
Main Category
General (Technical,...
Quick question abou...
 
Notifications
Clear all

Quick question about User Registry

 
Page 1 / 2
General (Technical, Procedural, Software, Hardware etc.)
Last Post by Jamie 18 years ago
13 Posts
6 Users
0 Reactions
695 Views
RSS
 cloudy
(@cloudy)
Trusted Member
Joined: 18 years ago
Posts: 59
Topic starter 01/02/2008 10:20 pm  

Just a quick question, probably because its a Friday and i cant remember (been a long week) but am i wrong in saying that a users password for windows is stored in their registry settings in plain text??


   
Quote
Jamie
 Jamie
(@jamie)
Moderator
Joined: 5 years ago
Posts: 1288
01/02/2008 10:51 pm  

Only if the user is set to logon automatically?


   
ReplyQuote
 cloudy
(@cloudy)
Trusted Member
Joined: 18 years ago
Posts: 59
Topic starter 01/02/2008 10:55 pm  

Ah out of luck then as there are multiple users on the computer

How can I get the user password? Have tried ophcrack but doesn't work need the password so I can view encrypted files in a vm


   
ReplyQuote
keydet89
 keydet89
(@keydet89)
Famed Member
Joined: 21 years ago
Posts: 3568
01/02/2008 11:59 pm  

Only if the user is set to logon automatically?

Nope.


   
ReplyQuote
 CI2019
(@ci2019)
Trusted Member
Joined: 19 years ago
Posts: 53
02/02/2008 1:55 am  

Depends on whether the machine is a domain member or a standalone machine. In case of a standalone I export the SAM hash and run CAIN against it via a rainbowtable.

In case of a domain attached machine, you'll need the SAM database from the DC.


   
ReplyQuote
Jamie
 Jamie
(@jamie)
Moderator
Joined: 5 years ago
Posts: 1288
02/02/2008 2:17 am  

Nope.

http//support.microsoft.com/kb/315231

Has this been changed in a later service pack/fix?


   
ReplyQuote
 cloudy
(@cloudy)
Trusted Member
Joined: 18 years ago
Posts: 59
Topic starter 02/02/2008 5:34 am  

its a standalone of I have Cain where can I get rainbow tables for on and ntlm hash?


   
ReplyQuote
 ddow
(@ddow)
Reputable Member
Joined: 21 years ago
Posts: 278
02/02/2008 5:42 am  

Great site for rainbow tables is rainbowtables.shmoo.com . Haven't tried them with Cain, but they do work well with SamInside.


   
ReplyQuote
 cloudy
(@cloudy)
Trusted Member
Joined: 18 years ago
Posts: 59
Topic starter 02/02/2008 3:16 pm  

Great site for rainbow tables is rainbowtables.shmoo.com . Haven't tried them with Cain, but they do work well with SamInside.

Cheers I'll give it a try on Monday


   
ReplyQuote
keydet89
 keydet89
(@keydet89)
Famed Member
Joined: 21 years ago
Posts: 3568
02/02/2008 11:41 pm  

Nope.

http//support.microsoft.com/kb/315231

Has this been changed in a later service pack/fix?

Not at all. The OP said, "…a users password for windows is stored in their registry settings in plain text??"

From the KB article, the plain text password is stored not in the user's hive file but in the hive file for the system.


   
ReplyQuote
Page 1 / 2
Forum Jump:
  Previous Topic
Next Topic  
Share: