« TWSL2012-014: Multiple Vulnerabilities in Scrutinizer NetFlow & sFlow Analyzer | Main | One Factor, Two Factor, Three Factor, More »

07 August 2012


I have just read your pdf paper and it made me laugh for at least 5 minutes. All the programs you mentioned in your article are based (i guess) on good-old pwdump sources. But the problem is that the crap source code incorrectly parses V entry in SAM hives.

Ocassionaly, I'm familiar with Ivan the author of Passcape tools and he told me that. His Windows Password Recovery tool is not based on PWDUMP, that's because it works.

To be more serious, I just want to caution guys who create such programs against plagiarism.

>>> Hashes can be extracted from systems that are not running by copying the
appropriate hive files

False. You can easily copy SAM and SYSTEM even from a running machine

Verify your Comment

Previewing your Comment

This is only a preview. Your comment has not yet been posted.

Your comment could not be posted. Error type:
Your comment has been posted. Post another comment

The letters and numbers you entered did not match the image. Please try again.

As a final step before posting your comment, enter the letters and numbers you see in the image below. This prevents automated programs from posting comments.

Having trouble reading this image? View an alternate.


Post a comment