reg query HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa (netservices permission)
Nolmhash REG_DWORD 0x1
With this value set, the LAN Manager hash is no longer stored from the next password change onward.
0x1 is enabled
0x0 is disabled (the default on 2003)
If enabled:
The hash captured by gethash is
aaa:1020:AAD3B435B51404EEAAD3B435B51404EE:19942CAA8FB9C145E928113D44DDFE7A:::
The hash captured by pwdump is
aaa:1020:NO PASSWORD*********************:19942CAA8FB9C145E928113D44DDFE7A:::
There are two possible reasons for this: either LM is disabled, or the password is longer than 14 characters. The LM registry value queried at the start tells you which one applies.
Decide how to proceed based on which case it is. If the password is longer than 14 characters, there is no need to try to crack it. If LM is disabled, you can try rainbow tables. Currently, such a rainbow table can crack any 9-character combination. Perhaps the Security Bureau has bigger ones; we don't know.
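The interpretation above can be turned into an audit check that reads a dump in the user:rid:lm:nt::: layout and reports, per account, why the LM field is empty or whether an LM hash is still stored. This is an added example, not code from the original page; the function names, the `bbb` record and the empty-password NT constant are assumptions that do not appear on the page.

```python
import re

# LM-field values meaning "no LM hash stored"; both appear in the dumps above.
EMPTY_LM = "AAD3B435B51404EEAAD3B435B51404EE"
PLACEHOLDER = re.compile(r"^NO PASSWORD\s*\*+$", re.IGNORECASE)
# Well-known NT hash of an empty password (not from the page).
EMPTY_NT = "31D6CFE0D16AE931B73C59D7E0C089C0"
HEX32 = re.compile(r"^[0-9A-Fa-f]{32}$")

def parse_line(line):
    """Split one user:rid:lm:nt::: record; return None if malformed."""
    parts = [p.strip() for p in line.split(":")]
    if len(parts) < 4 or not parts[1].isdigit():
        return None
    return {"user": parts[0], "rid": int(parts[1]), "lm": parts[2], "nt": parts[3]}

def lm_status(rec, nolmhash):
    """Classify the LM field given the NoLMHash registry value (0 or 1)."""
    lm, nt = rec["lm"].upper(), rec["nt"].upper()
    if lm == EMPTY_LM or PLACEHOLDER.match(lm):
        if nt == EMPTY_NT:
            return "blank password"
        if nolmhash == 1:
            return "no LM hash: NoLMHash enabled or password > 14 chars"
        return "no LM hash: password > 14 chars"
    if HEX32.match(lm):
        if nolmhash == 1:
            # NoLMHash only takes effect at the next password change.
            return "LM hash stored: password unchanged since NoLMHash was set"
        return "LM hash stored: NoLMHash is disabled"
    return "unrecognised LM field"

def audit(dump_text, nolmhash):
    """Return [(user, status)] for every well-formed line in the dump."""
    recs = (parse_line(l) for l in dump_text.splitlines() if l.strip())
    return [(r["user"], lm_status(r, nolmhash)) for r in recs if r]

# First two lines are the records quoted above; "bbb" is constructed, and its
# hash fields are placeholder hex, not real hashes.
SAMPLE = """\
aaa:1020:AAD3B435B51404EEAAD3B435B51404EE:19942CAA8FB9C145E928113D44DDFE7A:::
aaa:1020:NO PASSWORD*********************:19942CAA8FB9C145E928113D44DDFE7A:::
bbb:1021:0123456789ABCDEF0123456789ABCDEF:FEDCBA9876543210FEDCBA9876543210:::
"""

if __name__ == "__main__":
    for user, status in audit(SAMPLE, nolmhash=1):
        print(f"{user}: {status}")
```

Accounts reported as "LM hash stored" with NoLMHash already set to 0x1 are the ones that still need a password change before the setting has any effect.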