-
The DPAPI is a Windows system which stored passwords bound to the local system. In the user directory there are the keys stored in the AppData\Roaming\Microsoft\Protect\<SID> directory. From the user’s password, a master key is derived. When the user changes his password, a new master key is generated as well — and all old master…
-
(!) See also Password spraying to check a obtained password against usernames. Note: Use http://rumkin.com/tools/cipher/ if you have to encode/decrypt/decipher something on the fly. Wordlist optimization If there is a password policy known: Check password policy In Windows, type net accounts to get informations about account locking, lockout threasholds etc. Cloud-based performance cracking See NPK Default passwords Hashcat Am…