May 21st, 2006 03:00 PM
Auditor vs BackTrack in retrieving password hashes
I have XP Pro SP2 which is up to date with Windows Updates. I followed irongeek's tutorial using Auditor to retrieve the password hashes. There are three accounts, each with a password, but samdump2 reported that there were no passwords when trying to extract to password-hashes.txt. The accounts are The Administrator, a second Admin account and a final account with Limited rights for everyday use.
I tried the same technique using BackTrack and it only identified the Limited account as having a password. It extracted the hash into the text file.
Does anyone have any idea why I've only been able to retrieve one set of hashes when using two sets of tools that are well-recommended? I was particularly careful using spaces and lower case as I know that Linux is sensitive. I used exactly the same commands at the console in Auditor and BackTrack.