Password _TBAL_? #166
Comments
|
Never seen a one like this :) Seems to be related to account in the cloud, there is a lots of chance the password is DPAPI protected somewhere or in registry as a "secret". |
|
Weird, came back today and couldn't even replicate. If I see it again, I'll keep an eye out for any secrets. Thanks! |
|
@TheNaterz I did some research into TBAL and published my results here: https://vztekoverflow.com/tbal |
|
@gentilkiwi Sample registry hives to test parsing msv1_0 tbal secret: https://vztekoverflow.com/files/tbal/1709.zip |
gentilkiwi
added a commit
that referenced
this issue
Aug 16, 2018
|
Can you please tell me how do I exactly resolve this issue? (I am a noob) |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Hi Benjamin,
Looks like Microsoft pushed a patch out either yesterday or today. Previously, cleartext passwords could be seen under tspkg, but are now replaced by some sort of table reference?
The NTLM and SHA1 are still good, just wondering if you had any insight!
Release: 2.1.1-20180616
Windows 10 - Version 1803
The text was updated successfully, but these errors were encountered: