Jump to content

Decrypt Hex


catchyanow

Recommended Posts

I have used the nirosoft tool that I found called LSASecretsView.

When it has loaded it displays all the passwords in Hex. I was wondering if they can be decrypted. I have it posted here because I can't download anything like that onto the family PC.

Here it is:

0000 0000 A2 39 96 29 AE E7 7E 4E 85 DC 48 11 1F 0D BD 71

The full dump is here:

0083343a-f925-4ed7-b1d6-d95d17a0b57b-RemoteDesktopHelpAssistantAccount

0000 49 00 41 00 2D 00 37 00 50 00 6B 00 5F 00 59 00

0010 4A 00 64 00 69 00 4A 00 4A 00 4B 00 00 00

0083343a-f925-4ed7-b1d6-d95d17a0b57b-RemoteDesktopHelpAssistantSID

0000 01 05 00 00 00 00 00 05 15 00 00 00 6B D6 62 04

0010 0F F8 60 1D 07 E5 3B 2B E8 03 00 00

aspnet_WP_PASSWORD

0000 7E 00 56 00 74 00 7D 00 3B 00 78 00 25 00 60 00

0010 5B 00 33 00 25 00 3E 00 2C 00 35 00

DPAPI_SYSTEM

0000 01 00 00 00 82 63 A5 11 7E D2 B7 DB 74 C5 98 EF

0010 82 8A B6 8B DA 7B 09 52 BA DE 82 DA 01 E6 61 CB

0020 A7 28 4E CD A2 1F EE 15 3E 9B DD 1E

G${ED8F4747-E13D-47bc-856B-5CEFE1A81A7F}

0000 A2 39 96 29 AE E7 7E 4E 85 DC 48 11 1F 0D BD 71

L$HYDRAENCKEY_28ada6da-d622-11d1-9cb9-00c04fb16e75

0000 52 53 41 32 48 00 00 00 00 02 00 00 3F 00 00 00

0010 01 00 01 00 9F 14 35 C4 86 05 44 E7 3A C3 0E A3

0020 C2 78 14 5D 9F 5D A8 12 E7 6D A2 C8 6B DC 89 52

0030 FE 43 9C BB 4A 1B 8B 4E E4 66 01 CC 2D 96 40 03

0040 B1 98 1B 75 2B 63 E3 07 5F 4F 83 F9 F8 6B 07 37

0050 D5 EE F7 C9 00 00 00 00 00 00 00 00 03 2E 63 76

0060 BF 93 13 88 16 57 CF 9D EF 8B A0 3C 4F 94 A0 C2

0070 78 FE 2F FC AB 1F F0 91 A4 3F 10 FE 00 00 00 00

0080 35 DA 2A C0 19 5D 99 B6 53 75 9E C3 8A C4 AB 59

0090 D7 2D 59 EB 64 A0 0C B3 3C 7B 56 3B 2D 08 82 CB

00A0 00 00 00 00 5B 9D B5 58 A9 9B 3C 79 9A 46 4E A2

00B0 EC A4 31 58 38 9E 1C EF 6E A3 99 58 A0 11 EF 65

00C0 79 AE 29 43 00 00 00 00 D5 3D 81 6B EA ED FB FD

00D0 74 C6 6B 5F 5D CE DA C4 59 C8 B1 B6 0C 7C C9 E3

00E0 5E CD ED 3E E1 F0 8A AA 00 00 00 00 07 D3 66 8C

00F0 95 59 58 57 91 9F 15 6A AE D8 47 0A A8 E2 58 FF

0100 62 9D C8 E8 DA FB 5B 73 F1 22 CF 35 00 00 00 00

0110 D1 DD 2A 8C A9 50 66 80 82 F8 50 FE A8 4C 80 81

0120 69 D9 E6 0B 48 15 4E A9 ED BC 56 F8 1B BD BC 44

0130 8D 90 79 A9 38 4B C1 57 38 50 6F 18 55 A3 61 96

0140 AD 63 DF 97 CC B2 55 38 39 67 84 C6 14 66 35 4E

0150 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

0160 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

0170 00 00 00 00 00 00 00 00 00 00 00 00

L$RTMTIMEBOMB_1320153D-8DA3-4e8e-B27B-0D888223A588

0000 00 32 6B 9D 3B C0 C7 01

L${6B3E6424-AF3E-4bff-ACB6-DA535F0DDC0A}

0000 6B 05 FF EE 8F 55 1D 62 F1 7F 5F C7 F7 89 EB 66

0010 B0 22 F8 25 0F 6D B8 4B 01 C7 31 C0 03 39 0E 3A

0020 35 A3 B9 CB C1 55 3B CA 83 82 98 B1 69 23 81 16

0030 76 0B 95 38 51 38 93 B1

RasDialParams!S-1-5-21-73586283-492894223-725345543-1006#0

0000 31 00 37 00 32 00 30 00 34 00 37 00 31 00 38 00

0010 00 00 31 00 36 00 30 00 30 00 00 00 30 00 00 00

0020 00 00 00 00 00 00 00 00 00 00 30 00 00 00 00 00

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...