I have been trying to expand my knowledge, so I have set a lab with the following configuration:
Fully Patched Windows 2003 Server (Acting as a domain controller)
Unpatched Client Machine (XP), which is joined to the above domain.
Since I have been able to compromise the client machine, I was able to get the local hashes, and have been able to crack them using rainbow tables. My question is there any possible way to get Domain Passwords.
I have read about "CacheDump" tool, which will get the hashes for the last 10 logged in users (something called MSCash), and have been able to get the hashes. However, seems that these hashes cannot be cracked using rainbow table, as they came in the following format:
So any idea on the above scenario ?
Thanks alot in advance,