michelle-joudrey / volatility

Automatically exported from code.google.com/p/volatility
GNU General Public License v2.0

hashdump.py will output wrong hashes if LM hash is not in use #321

Closed GoogleCodeExporter closed 8 years ago

GoogleCodeExporter commented 8 years ago
I was alerted to this via the creddump code, apparently this was presented at 
BlackHat this year:

https://code.google.com/p/creddump/issues/detail?id=3
http://media.blackhat.com/bh-us-12/Briefings/Reynolds/BH_US_12_Reynods_Stamp_Out_Hash_WP.pdf

The fix is pretty simple, and a patch against creddump can be found in that 
issue. If someone else wants to fold it in please feel free, otherwise I'll try 
to get to it soon.

Original issue reported on code.google.com by moo...@gmail.com on 6 Aug 2012 at 6:41

GoogleCodeExporter commented 8 years ago
Thanks Mooyix, I'll take a look at fixing it up this week. By the way, we have 
issue #297 open for the following problems:

* Neither hashdump nor lsadump work on any x64 
* Hashdump works on all x86 (but no x64)
* Lsadump works on XP and 2003 x86 (but no x64 and no vista/2008/7 on x86)

If you have any ideas how to fix them, can you comment on issue #297? 

Original comment by michael.hale@gmail.com on 6 Aug 2012 at 8:32

GoogleCodeExporter commented 8 years ago
Just merging this with the other hash/cache/lsa-dump issues 

Original comment by michael.hale@gmail.com on 1 Feb 2013 at 5:05