Domain cached credentials
|Top Previous Next|
Operating systems based on the Windows NT series can cache (store) user logon information on users that enter the domain. This feature is designed to bypass the authorization procedure after the server has been unavailable for one reason or another. Additional information is available at:
Along with the general information on a domain user, which includes the actual user information, domain information, and general information (the DCC common record structure will be covered below), DCC contains the user's password hash.
Though these caches are 'stronger' than ones stored in SAM, PSPR is able to recover plaintext passwords from them, too (using dictionary and brute-force attacks).
If you need faster recovery of DCC passwords, have a look at Elcomsoft Distributed Password Recovery project.
Note: this feature has not been tested on Windows Vista yet.
Get more information about Proactive System Password Recovery
Get full version of Proactive System Password Recovery
(c) 2014 ElcomSoft Co.Ltd.