When Windows Syskey is used, what does the hashdump script attempt to recover from the Registry?

Study for the SANS560 GIAC Penetration Tester (GPEN) Test. Study with flashcards and multiple choice questions; each question has hints and explanations. Get ready for your exam!

Multiple Choice

When Windows Syskey is used, what does the hashdump script attempt to recover from the Registry?

Explanation:
When Syskey is enabled, the Security Accounts Manager (SAM) database is encrypted with a Syskey that is stored in the registry. The hashdump tool’s job in this scenario is to locate and extract that Syskey from the Registry so it can decrypt the SAM and access the password hashes (NTLM/LM) contained within. Without recovering the Syskey from the registry, the SAM remains encrypted and its hashes cannot be dumped. The other options don’t describe what hashdump retrieves in this Syskey-protected context.
