
List:       john-users
Subject:    Re: [john-users] Hash from a Windows 7
From:       madfran () set-ezine ! org
Date:       2013-01-29 18:01:59
Message-ID: 20130129190159.74054c1napj8ytnb () webmail ! set-ezine ! org

Quoting Rich Rumble <richrumble@gmail.com>:

> On Sun, Jan 27, 2013 at 1:16 PM,  <madfran@set-ezine.org> wrote:
>> Yes. I know,... but this is the data that I obtain from pwdump7.
>>
>> As I said in other mail, I am trying to report the issue to Tarasco.
> It may not be removing the SYSKEY encryption like it should. I'd try
> Cain&Abel from oxid.it. Also if your AV is picking up on gsecdump and
> not pwd7 then maybe it won't pick up on cain, but most AVs do.
> Security tools are often dual purpose, if you make an exception for
> Cain or another tool, it's not the end of the world, just make sure
> you remove the exception. You don't have to turn AV completely off,
> most allow you to make exceptions. If you have a machine you can
> install cain on, and remove your HD, you can then point cain to the
> system and sam files so it can get the boot key and decrypt the sam's
> syskey and then dump the hashes.
> -rich
>

Hi,

This was the problem.
The AV on Windows 7 prevented pwdump7 from working correctly, but without any notice.
After extracting the syskey and hash with the old bkhive and samdump2 from a
Linux BackTrack, the problem is solved.

Thanks,

