Re: Where are Windows "Enforce password history" passwords stored?

From: email@securityfocus.com
Date: Thu Sep 01 2005 - 11:43:54 EDT

Next message: Steve Manzuik: "RE: Business justification for pentesting"
Previous message: Juan B: "Hacking to Xp box"
Maybe in reply to: Charles Gillman: "Where are Windows "Enforce password history" passwords stored?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

('binary' encoding is not supported, stored as-is) I use pwdump with the password history patch to to obtain the hashes of passwords in history.

Cached logon credentials could be stored in HKLM\Security\Cache unless it has been diasbled.

Password history hashes can be found in files located in SystemRoot%\system32\config

Proactive System Password Recovey tool has worked for me also: http://www.securityfocus.com/tools/category/10

------------------------------------------------------------------------------
Audit your website security with Acunetix Web Vulnerability Scanner:

Hackers are concentrating their efforts on attacking applications on your
website. Up to 75% of cyber attacks are launched on shopping carts, forms,
login pages, dynamic content etc. Firewalls, SSL and locked-down servers are
futile against web application hacking. Check your website for vulnerabilities
to SQL injection, Cross site scripting and other web attacks before hackers do!
Download Trial at:

http://www.securityfocus.com/sponsor/pen-test_050831
-------------------------------------------------------------------------------

Next message: Steve Manzuik: "RE: Business justification for pentesting"
Previous message: Juan B: "Hacking to Xp box"
Maybe in reply to: Charles Gillman: "Where are Windows "Enforce password history" passwords stored?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:54:48 EDT