12-18-2022, 01:02 AM
(12-17-2022, 11:26 PM)marc1n Wrote: You can also find the same in *HKEY_LOCAL_MACHINE\SAM* in the registry editor.
https://www.youtube.com/watch?v=Um75rEBPjMo
Thanks for the answer. This is the path I am following. The problem is that I have the registry in text format, like this:
Code:
[HKEY_LOCAL_MACHINE\SAM\SAM\Domains\Account\Users\000001A3]
"F"=hex:03,00,01,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
.......
"V"=hex:00,00,00,00,e4,00,00,00,03,00,01,00,e1,00,00,00,0a,00,00,00,00,00,00,\
00,f4,00,00,00,00,00,00,00,00,00,00,00,f4,00,00,00,70,00,00,00,00,00,00,00,\
........I am reading the code of the creddump7 to understand how it get the hash. It is not simple as the linux
Is there a program that get the hash from the reg export command?