I used the LSA plugin to export the value of $MACHINE.ACC and import it on a different machine, but I keep getting the error KRB5KDC_ERR_PREAUTH_FAILED. It seems the value is wrong. Is this value reusable on other machines? I made sure the computer name is the same, but it did not work.
Machine credentials are like a password for a user account. The password is used to derive other encryption keys. So, for example, even if you can reset a password by simply setting a new hash value in SAM, you will not be able to decrypt any data encoded with DPAPI, because the DPAPI subsystem uses its own primary encryption key, which is based on the user password.
Machine credentials work the same way. The $MACHINE.ACC data is used to derive other encryption keys for various modules in Windows. If you simply change the machine credentials, other keys will not be validated and thus will not be generated correctly.
I see. The machine to which I imported the password did not have a $machine.acc, so I assume derived keys do not exist on that machine. I think it's something else to do with Kerberos authentication.
Anyways, does copying and pasting an LSA secret using Unicode work well? I couldn't find any other way to import a hex string.
It looks like it has something to do with Kerberos authentication. At least that is what the error reads. To tell the truth, I don't know the details. By the way, is it a domain PC?
No, the current version does not support binary data when adding LSA secrets. I'll put this feature on our to-do list for the next release.
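
The last reply says binary data is not supported when adding LSA secrets, so a secret entered as Unicode text has to survive text handling unchanged. The check below is an added example, not part of the thread and not code from the tool being discussed. It takes a secret as a hex string and lists the UTF-16LE code units that a text path may alter. The function name, the hazard list and the sample values are constructed for illustration.

```python
import struct

def utf16_text_hazards(secret_hex):
    """Return (byte_offset, reason) pairs for parts of a hex-encoded secret
    that may not survive being handled as UTF-16LE text (assumed text path)."""
    raw = bytes.fromhex(secret_hex)
    hazards = []
    if len(raw) % 2:
        hazards.append((len(raw) - 1, "odd length: trailing byte has no code unit"))
    count = len(raw) // 2
    units = struct.unpack("<%dH" % count, raw[:count * 2])
    i = 0
    while i < count:
        u = units[i]
        # A high surrogate followed by a low surrogate is well-formed text.
        if 0xD800 <= u <= 0xDBFF and i + 1 < count and 0xDC00 <= units[i + 1] <= 0xDFFF:
            i += 2
            continue
        if u == 0x0000:
            hazards.append((i * 2, "NUL code unit: C-style strings stop here"))
        elif 0xD800 <= u <= 0xDFFF:
            hazards.append((i * 2, "unpaired surrogate: not valid UTF-16"))
        elif u < 0x20 or u == 0x7F:
            hazards.append((i * 2, "control character: text fields may alter or drop it"))
        i += 1
    return hazards

# Constructed sample values, not real secrets.
SAMPLES = {
    "printable text": "500061007300730031002100",  # "Pass1!" as UTF-16LE
    "surrogate pair": "3dd800de",                  # one well-formed pair
    "embedded NUL": "410000004200",
    "unpaired surrogate": "00d84100",
    "odd length": "4100ff",
}

if __name__ == "__main__":
    for name, sample in SAMPLES.items():
        found = utf16_text_hazards(sample)
        print(name, "->", found if found else "no hazards found")
```

An empty result means only that none of these known hazards is present; comparing the stored bytes after import against the exported hex is still the real confirmation.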