JerryMungo
Honorary Master
- Joined
- Jul 18, 2008
- Messages
- 37,541
- Reaction score
- 6,288
So Windows hashes and stores your password in non-reversible hash format on the hard drive (SAM files). This is somewhat secure as it means when you log in, it simply hashes the password you supply and compares the hashed version with the stored hashed password. If it's a match, you're in. The idea is to not store the password in any reversible format on the drive...
That can easily be bypassed with many utilities - while you can't decrypt the hash to get the password, you can clear the password or set it to something else if you can boot from the PC using one of many security distros....
Enter Mimikatz...
http://blog.gentilkiwi.com/mimikatz
Run that little console utility and enter:
And there you have it...
I'll leave that for you to test (run the binary as administrator).
I was surprised after learning all about the security behind hashing and not storing the PW in any reversible format on the drive... turns out it is indeed stored in memory in reversible format. I've tested on Windows 8.1 using a Microsoft account linked user.
That can easily be bypassed with many utilities - while you can't decrypt the hash to get the password, you can clear the password or set it to something else if you can boot from the PC using one of many security distros....
Enter Mimikatz...
http://blog.gentilkiwi.com/mimikatz
Run that little console utility and enter:
Code:
privilege:debug
sekurlsa::logonPasswords full
I'll leave that for you to test (run the binary as administrator).
I was surprised after learning all about the security behind hashing and not storing the PW in any reversible format on the drive... turns out it is indeed stored in memory in reversible format. I've tested on Windows 8.1 using a Microsoft account linked user.
Last edited by a moderator: