RE: Where are Windows "Enforce password history" passwords stored?

• Previous message: William Tarkington: "RE: Business justification for pentesting"
• In reply to: Soluk, Kirk: "RE: Where are Windows "Enforce password history" passwords stored?"
• Next in thread: Jean-Baptiste Marchand: "Re: Where are Windows "Enforce password history" passwords stored?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

To: <pen-test@securityfocus.com>
Date: Tue, 30 Aug 2005 20:28:29 -0400

For Microsoft AD domain controller, the NTDS.dit file is the database you
are looking for.

The local SAM file is not going to store the AD users info.

________________________________________________________
Dave Kleiman, CAS, CIFI, CISM, CISSP, ISSAP, ISSMP, MCSE

www.SecurityBreachResponse.com www.ComputerForensicInvestigations.com
 

> -----Original Message-----
> From: Soluk, Kirk [mailto:kmsoluk@umich.edu]
> Sent: Monday, August 29, 2005 18:18
> To: Charles Gillman; pen-test@securityfocus.com
> Subject: RE: Where are Windows "Enforce password history"
> passwords stored?
>
> On a non-dc there stored in the SAM database (not sure where
> they are stored on a DC).
> Check out Lab 2.2 in this presentation
> http://www.citi.umich.edu/projects/itss/lectures/lecture-07.ppt
> The fifth slide (within Lab 2.2) points to the password history.
> /Kirk
>
> > -----Original Message-----
> > From: Charles Gillman [mailto:charles.gillman@gmail.com]
> > Sent: Sunday, August 28, 2005 9:14 PM
> > To: pen-test@securityfocus.com
> > Subject: Where are Windows "Enforce password history"
> > passwords stored?
> >
> > Can anyone tell me where the "remembered" passwords are stored when
> > the "Enforce password history" is set in Group Policy?
> >
> > If this setting is set to its maximum value of 24 then I
> would expect
> > 24 password hashes are stored for each account for the setting to
> > work. But where?
> >
> > More importantly are there any tools/techniques for accessing the
> > "remembered" passwords?
> >
> > Thanks
> > CG
> >
>
>

• Previous message: William Tarkington: "RE: Business justification for pentesting"
• In reply to: Soluk, Kirk: "RE: Where are Windows "Enforce password history" passwords stored?"
• Next in thread: Jean-Baptiste Marchand: "Re: Where are Windows "Enforce password history" passwords stored?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]