0

I'm trying to crack a Windows 10 laptop that I myself set a password on a day or so ago. So far I've tried booting into Ophcrack 3.6 and ONTP&RE (Offline NT Password & Registry Editor) from LiveUSBs - both report the password as being blank.

Ophcrack's insistence that the blank password has been found means it's not possible to initiate any cracking process, and it shows the same supposedly accurate blank hash as that seen here

31d6cfe0d16ae931b73c59d7e0c089c0

ONTP&RE returns the error:

No NT MD4 hash found. This user probably has a BLANK password!
No LANMAN has found either. Try login with no password.

I've confirmed that a non-blank password is definitely set before and after booting from both the live USBs, and others have reported using both to successfully crack W10 passwords, so what's going on here to cause this problem? I really don't want to have to be forced to use more dedicated, time-consuming cracking tools like Mimikatz and hashcat unless Windows 10 is truly beyond the capabilities of tools like Ophcrack and ONTP&RE.

Hashim Aziz
  • 969
  • 8
  • 21
  • Related: https://security.stackexchange.com/questions/157922/how-are-windows-10-hashes-stored-if-the-account-is-setup-using-a-microsoft-accou – aventurin Dec 22 '19 at 12:13

1 Answers1

2

Windows 10 anniversary update uses new SAM encryption. Hashes are stored differently too. That's why PWDUMP seems always returns an empty hash. Windows 10 Anniversary Update and later uses AES128 to encrypt password's MD4 hash.

Abhinav Kumar
  • 46
  • 1