hashcat Forum
Privilege Escalation Hash Type - Printable Version


Privilege Escalation Hash Type - slawson - 11-08-2019

I am trying to learn about privilege escalation, and at one point the tutorial says to try a registry search for passwords.

i.e. 

reg query HKCU /f password /t REG_SZ /s

and 

reg query HKLM /f password /t REG_SZ /s

I have some passwords that were returned that seem to be encrypted. What encryption do they use?


RE: Privilege Escalation Hash Type - philsmd - 11-08-2019

While you are on that learning trip, I think it wouldn't hurt to read this about "encrypted passwords":
https://www.techsolvency.com/passwords/dehashing-reversing-decrypting/


RE: Privilege Escalation Hash Type - slawson - 11-08-2019

Thanks for the article and mild rebuke. Actually I have been guilty of using the wrong terminology and my understanding is clearer now.

Although, in my question above I thought I asked a legitimate question.

If passwords are retrieved from the registry, are they stored as base64?


RE: Privilege Escalation Hash Type - Mem5 - 11-08-2019

Passwords from the registry can be everything. Which password are you talking about?
It can be Windows passwords (LM, NTLM), it can be application passwords (FTP, etc.). Please be more specific about the one(s) you have found.


RE: Privilege Escalation Hash Type - slawson - 11-08-2019

Here is one of the results from the registry pull.

HKEY_CURRENT_USER\Software\pdfforge\PDFCreator\Settings\ApplicationSettings\Accounts\TimeServerAccounts\0
Password REG_SZ xxxxxxmCO6g=

(I x'd out half of the password)


RE: Privilege Escalation Hash Type - undeath - 11-08-2019

There is no generic answer to that, it depends on the software that put the info there. The password could be hashed, encrypted or simply encoded.


RE: Privilege Escalation Hash Type - Mem5 - 11-08-2019

The '=' at the end *might* be padding, often used by base64/32 encoding.
+1 you need to know how the software writes it.
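
The point made in the two replies above (a stored value may be hashed, encrypted or simply encoded, and a trailing '=' only hints at base64/32), as an added example that is not part of the original thread: a Python sketch for triaging values that software you administer leaves in the registry. The function names and sample values are constructed for illustration, and the notes it returns are heuristics, not identification.

```python
import base64
import binascii
import re

# Decoded lengths that coincide with common digest sizes (a hint, not proof).
DIGEST_LENGTHS = {16: "MD5/NTLM-sized", 20: "SHA-1-sized",
                  32: "SHA-256-sized", 64: "SHA-512-sized"}

# Constructed sample values, not taken from any real system.
SAMPLE_TEXT = base64.b64encode(b"S3cret-ftp-pw").decode()
SAMPLE_BINARY = base64.b64encode(bytes.fromhex("9f3a01c4e27b55d0")).decode()
SAMPLE_AMBIGUOUS = "DEADBEEF"  # valid as hex, base32 and base64 at once

def try_decode(value):
    """Return (encoding_name, raw_bytes) for every strict decoding that succeeds."""
    results = []
    if re.fullmatch(r"(?:[0-9a-fA-F]{2})+", value):
        results.append(("hex", bytes.fromhex(value)))
    if re.fullmatch(r"[A-Z2-7]+=*", value) and len(value) % 8 == 0:
        try:
            results.append(("base32", base64.b32decode(value)))
        except binascii.Error:
            pass  # right alphabet, wrong padding
    if re.fullmatch(r"[A-Za-z0-9+/]+={0,2}", value) and len(value) % 4 == 0:
        try:
            results.append(("base64", base64.b64decode(value, validate=True)))
        except binascii.Error:
            pass
    return results

def describe(raw):
    """Heuristic notes about the decoded bytes."""
    if raw and all(32 <= b < 127 for b in raw):
        return ["printable ASCII: plain encoding of text"]
    notes = ["binary: ciphertext, digest or packed data"]
    if len(raw) in DIGEST_LENGTHS:
        notes.append(DIGEST_LENGTHS[len(raw)] + " output")
    if len(raw) % 8 == 0:
        notes.append("multiple of 8 bytes: consistent with a block cipher")
    return notes

def triage(value):
    """Map each encoding the string validly decodes under to its notes."""
    return {name: describe(raw) for name, raw in try_decode(value)}

if __name__ == "__main__":
    for sample in (SAMPLE_TEXT, SAMPLE_BINARY, SAMPLE_AMBIGUOUS):
        print(sample, triage(sample))
```

A string such as `DEADBEEF` decodes cleanly under all three encodings, which is why the value alone cannot settle the question and the application's own storage format has to be checked.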


RE: Privilege Escalation Hash Type - slawson - 11-08-2019

Thanks for the info. I'll take a deeper look.