cached passwords

backman, 16:22:52 26.03.2016 Rating: 0 #1

cached passwords  

Hi all,
I heard Windows caches and stores the last 10 credentials. Please help me decrypt passwords out of these credentials. Thanks.
 
IvanO, 10:47:06 28.03.2016 Rating: 0 #2

RE: cached passwords  

Windows uses 3 generic types of cached credentials:
  • Domain Cached Credentials. By default, when you log on to a domain account, Windows caches the last 10 successful logon attempts on the local PC. This is referred to and known as Domain Cached Credentials. Please refer to our article for more detailed info on domain cached credentials. To decrypt domain cached credentials to plaintext passwords, you will need one of the tools that support DCC recovery, for example, hashcat. You can also use our Domain Cached Credentials explorer tool to investigate, search and dump DCC hashes.

  • Generic logon credentials, or simply SAM hashes. These are the user's logon passwords. All logon passwords are stored as hashes. Our tools have wide capabilities to decrypt hashes back to plaintext passwords.

  • DPAPI cached credentials. We call it DPAPI credhist. All previous user passwords are saved into the DPAPI blockchain. So to decrypt hashes to all passwords previously set by the user, you will have to decrypt the current user's hash first. The credentials are saved either as NTLM or as SHA1 hashes. This feature is supported by our WPR tool only. See some info here.
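
The default of 10 cached domain logons mentioned in the reply above is configurable through the CachedLogonsCount value under the Winlogon registry key. The following is an added example, not part of the original thread or of any Passcape tool: a PowerShell audit that reports whether a machine caches more logons than a chosen limit. The function name Test-CachedLogonsCount, the parameter MaxAllowed and the limit of 2 are assumptions made for illustration.

```powershell
# Added example (not from the thread). Audits how many domain logons this
# machine caches. $MaxAllowed is a hypothetical policy threshold.
function Test-CachedLogonsCount {
    [CmdletBinding()]
    param(
        # Windows accepts values from 0 to 50 for this setting.
        [ValidateRange(0, 50)]
        [int]$MaxAllowed = 2
    )

    $key  = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
    $name = 'CachedLogonsCount'

    $prop = Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue

    if ($null -eq $prop) {
        # Value not set: assume the default of 10 stated in the post above.
        $count  = 10
        $source = 'default (value not set)'
    }
    else {
        # The value is stored as a string (REG_SZ), so parse it explicitly.
        $raw   = [string]$prop.$name
        $count = 0
        if (-not [int]::TryParse($raw.Trim(), [ref]$count)) {
            throw "Unexpected $name data: '$raw'"
        }
        $source = 'registry'
    }

    [pscustomobject]@{
        ComputerName      = $env:COMPUTERNAME
        CachedLogonsCount = $count
        Source            = $source
        MaxAllowed        = $MaxAllowed
        Compliant         = ($count -le $MaxAllowed)
    }
}

# Example run with the assumed limit of 2 cached logons.
Test-CachedLogonsCount -MaxAllowed 2
```

A value of 0 disables logon caching entirely, so domain users cannot log on to that machine while no domain controller is reachable.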


 
qwe, 13:47:15 01.04.2016 Rating: 0 #3

AD open error  

 Windows Password Recovery  v10.2.3.951
 Windows 8/Server 2012 v6.2.9200 
 Windows x64 - Yes
 User Administrator - Yes
 Drive (C:\) - fixed, NTFS, 824411 Mb free
 Drive 'E:\' - CD-ROM
 Windows dir - C:\WINDOWS
 System dir - C:\WINDOWS\system32
 Temp dir - C:\Users\RUSLA_~1\AppData\Local\Temp\
 Profile dir - C:\Users\rusla_000
 Program dir - C:\Program Files (x86)\Passcape\WPR
 Program name - wpr.exe
 Program size - 6716416
 OpenCL 10.0.1800.11 
 Detected devices:  4 CPU cores, 1 AMD GPU
 
13:07:20 April 01 2016> Application started
13:09:50 April 01 2016> Importing from raw binary files
13:09:50 April 01 2016> AD: C:\WINDOWS\
13:09:50 April 01 2016> SYSTEM: C:\WINDOWS\system32\config\SYSTEM
13:09:50 April 01 2016> 'SYSTEM' is a system protected file, making a readable copy
13:10:10 April 01 2016> AD open error
 
scoobydid, 15:14:21 11.04.2016 Rating: 0 #4

RE: AD open error  

You should make a copy of your currently running NTDS.DIT and SYSTEM files (for example, using Volume Shadow Copy) and then feed them to the program.
 