Notifications
Clear all

Windows 10 hash SAM

4 Posts
2 Users
0 Reactions
1,134 Views
(@aquachimere)
Eminent Member
Joined: 7 years ago
Posts: 32
Topic starter  

Hello
about the problem of the hash crack of the windows 10 SAM, what are the new solutions today that you know?
For me SAMDUMP2, PWDDUMP does not work.
Because john sees the hash of an empty password.
The mimikatz plugin for volatility does not work either, because the process lsass.exe is divided into 2 (including one in the VSM).

So whether from a memory dump or direct access to the physical disk of a Win10, I do not see how to recover a password from the hash.

maybe one of you has another solution?

thanks


   
Quote
nightworker
(@nightworker)
Estimable Member
Joined: 16 years ago
Posts: 134
 

mount as virtual machine use nvram file for access physical memory


   
ReplyQuote
(@aquachimere)
Eminent Member
Joined: 7 years ago
Posts: 32
Topic starter  

thanks, but could you explain that?


   
ReplyQuote
nightworker
(@nightworker)
Estimable Member
Joined: 16 years ago
Posts: 134
 

clone your evidence and mount it your physical hard drive as virtual machine in vm vms has physical ram file or use commercial tools for mounting


   
ReplyQuote
Share: