[prev in list] [next in list] [prev in thread] [next in thread]
List: john-users
Subject: Re: [john-users] Hash from a Windows 7
From: madfran () set-ezine ! org
Date: 2013-01-29 18:01:59
Message-ID: 20130129190159.74054c1napj8ytnb () webmail ! set-ezine ! org
[Download RAW message or body]
Quoting Rich Rumble <richrumble@gmail.com>:
> On Sun, Jan 27, 2013 at 1:16 PM, <madfran@set-ezine.org> wrote:
>> Yes. I know,... but this is the data that I obtain from pwdump7.
>>
>> As I said in other mail, I am trying to report the issue to Tarasco.
> It may not be removing the SYSKEY encryption like it should. I'd try
> Cain&Abel from oxid.it. Also if your AV is picking up on gesecdump and
> not pwd7 then maybe it won't pick up on cain, but most AV's do.
> Security tools are often dual purpose, if you make an exception for
> Cain or another tool, it's not the end of the world, just make sure
> you remove the exception. You don't have to turn AV completely off,
> most allow you to make exceptions. If you have a machine you can
> install cain on, and remove your HD, you can then point cain to the
> system and sam file's so it can get the boot key and decrypt the sam's
> syskey and then dump the hashes.
> -rich
>
Hi,
This was the problem.
The AV of Windows 7, avoid to work correctly pwdump7, but without any notice.
Extracting the syskey and hash with the old bkhive and samdump2 from a
linux backtrack, the problem is solved.
Thanks,
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic