Re: Differences between MSCacheV1 and MSCacheV2

[Dan McGinn-Combs <dgcombs () gmail com>]

Color me impressed.
Not with the topic at hand but the quote in your .sig. I've been looking (off and on) for that one for some time!

On Aug 14, 2011, at 11:48 AM, Adrian Crenshaw <irongeek () irongeek com> wrote:

> Hi all,
>    Ok, I've been Googling this up and found no answer. My statements in this email may also be wrong, so double 
> check. 
>
> On WIndows boxes in a domain, the last 10 passwords are saved (by default) as a hash on the local box in case 
> communications to the domain go down. The user name is used as a salt in these hashes. 
>
> Windows before Visa: uses MSCacheV1 (AKA Domain Cached Credentials)
> Windows Vista/7/2008: use MSCacheV2 
>
> Cain can now dump and crack both, but at 70 attempts per sec with Cain on a newer i7, it's kind of pointless. 
> Hashcat/cudaHashCat seems to be able to crack MSCacheV1 much faster than Cain, but only seems to support MSCacheV1 as 
> far as I can tell. Anyone know what the real differences in algorithm are between the two MSCache versions?
>
> As a side note: What do you use for dumping these hashes? I've been using Cain, but would love to hear if there is 
> something better.
>
> Thanks,
> Adrian
>
> -- 
> "The ability to quote is a serviceable substitute for wit." ~ W. Somerset Maugham
> _______________________________________________
> Pauldotcom mailing list
> Pauldotcom () mail pauldotcom com
> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> Main Web Site: http://pauldotcom.com
_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com