GhostCow
Feb 10 2004, 02:54 PM
basically the topic sums it up:
what can i get from dumping LSA secrets? and how do i view them? (i used lsadump2 and i got a bunch of hex segments that i dont know what to do with... what info is in the dump and how do i view it or translate it or something?
nulladd
Feb 10 2004, 03:18 PM
some info it has:
encrypted file system keys so u could possibly read EFS encrypted data
password of the user in plaintext - but this depends on your configuration
cain and abel is used to dump lsa secrets
GhostCow
Feb 10 2004, 05:23 PM
yea i checked that out too... but i really dont understand any of this hex buisness and to what belongs what... noticed the plaintext pass part tho...
nulladd
Feb 11 2004, 12:30 AM
the 'hex part' is what the plaintext part looks like when it is converted to hex
GhostCow
Feb 11 2004, 10:05 AM
i saw that there's plaintext on the right column (the left was the hex). is there any app i can use to convert all the hex to plaintext in readable order?
sorry that i dont understand this but im trying to learn...
nulladd
Feb 11 2004, 12:17 PM
the plaintext on the right IS the converted hex, so u dont need to convert it
GhostCow
Feb 11 2004, 02:02 PM
yea but mt question was if there is a proggey to sort the plaintext out so i can understand whats going on... cos even with the plaintext in the right colomn i dont understant which pass is for what and what other info there is etc...
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please
click here.
