Dumping Hashes from SAM via Registry Red Team Notes

The NT hash is the one that is simply MD4(unicode)… And in Windows NT, this is all we need to do to get the hashes. This information is conveyed back to the source by a field in the header. Don’t select the Delete Browsing History checkbox to the left of this button. Loading hive files […]