Home > Information > Forum > Show Topic
Show thread topic
13.09.2021
Office password recovery tools
Guaranteed password recovery for Microsoft Office documents with 40-bit encryption
31.08.2021
Reset Windows Password v10.5
Introducing system and interface restrictions editor
25.08.2021
WPA password recovery benchmarks
New CPU and GPU devices
30.07.2021
Reset Windows Password v10.4.1
Support for Windows 10 21H1 and some extra enhancements

Articles and video

You may find it helpful to read our articles on Windows security and password recovery examples. Video section contains a number of movies about our programs in action

cached passwords

backman, 16:22:52 26.03.2016 Rating: 0 #1

cached passwords  

Hi all,
I heard Windows caches and stores last 10 credentials,Please help me decrypting passwords out of these credentials. thanks
 
IvanO, 10:47:06 28.03.2016 Rating: 0 #2

RE: cached passwords  

Windows uses 3 generic types of cached credentials:
  • Domain Cached Credentials. By default, when you log on to a domain account, Windows caches last 10 successfull logon attempts to a local PC. This is referred and known as Domain Cached Credentials. Please refer to our article for more detailed info on domain cached credentials. To decrypt domain cached credentials to plaintext passwords, you will need one of the tools that supports DCC recovery. For example, hashcat. You can also use our Domain Cached Credentials explorer tool to investigate, search and dump DCC hashes.

  • Generic logon credentials. Or simply SAM hashes. This is user's logon passwords. All logon passwords are stored as hashes. Our tools have wide capabilities to decrypt hashed back to plaintext passwords.

  • DPAPI cached credentials. We call it DPAPI credhist. All previous user passwords are saved into DPAPI blockchain. So to decrypt hashes to all passwords previously set by user, you will have to decrypt the current user's hash first. The credentials are saved either as NTLM or as SHA1 hashes. This features is supported by our WPR tool only. See some info here.


 
qwe, 13:47:15 01.04.2016 Rating: 0 #3

AD open error  

 Windows Password Recovery  v10.2.3.951
 Windows 8/Server 2012 v6.2.9200 
 Windows x64 - Yes
 User Administrator - Yes
 Drive (C:\\\\) - fixed, NTFS, 824411 Mb free
 Drive \\'E:\\\\\\' - CD-ROM
 Windows dir - C:\\\\WINDOWS
 System dir - C:\\\\WINDOWS\\\\system32
 Temp dir - C:\\\\Users\\\\RUSLA_~1\\\\AppData\\\\Local\\\\Temp\\\\
 Profile dir - C:\\\\Users\\\\rusla_000
 Program dir - C:\\\\Program Files (x86)\\\\Passcape\\\\WPR
 Program name - wpr.exe
 Program size - 6716416
 OpenCL 10.0.1800.11 
 Detected devices:  4 CPU cores, 1 AMD GPU
 
13:07:20 April 01 2016> Application started
13:09:50 April 01 2016> Importing from raw binary files
13:09:50 April 01 2016> AD: C:\\\\WINDOWS\\\\
13:09:50 April 01 2016> SYSTEM: C:\\\\WINDOWS\\\\system32\\\\config\\\\SYSTEM
13:09:50 April 01 2016> \\'SYSTEM\\' is a system protected file, making a readable copy
13:10:10 April 01 2016> AD open error
 
scoobydid, 15:14:21 11.04.2016 Rating: 0 #4

RE: AD open error  

You should make a copy of your currently running NTDS.DIT and SYSTEM files (for example, using Volume Shadow Copy) and then feed it to the program.
 
Entries 1 to 4 from 4  [ <<  1  >> ]