medic327 Posted May 16, 2007 Share Posted May 16, 2007 First and foremost: If I posted this in the wrong place im sorry. I just joined the forum and am still getting the lay of the land. Im trying to figure out how to delete a few old LSA secrets which trillian stored a while back. I uninstalled the program but that did not change anything. When I open up regedit and try to get to HKEY_LOCAL_MACHINESecurityPolicySecrets I am only able to see that the directory exists but I cannot expand the tree any further. Forgive me if this is a noobish question, but I havent dealt much with this kinda stuff before. Quote Link to comment Share on other sites More sharing options...
digip Posted May 17, 2007 Share Posted May 17, 2007 First and foremost: If I posted this in the wrong place im sorry. I just joined the forum and am still getting the lay of the land. Im trying to figure out how to delete a few old LSA secrets which trillian stored a while back. I uninstalled the program but that did not change anything. When I open up regedit and try to get to HKEY_LOCAL_MACHINESecurityPolicySecrets I am only able to see that the directory exists but I cannot expand the tree any further. Forgive me if this is a noobish question, but I havent dealt much with this kinda stuff before. LSA Secrets should be made unreadable by other programs with the latest patches from Microsoft (ie:does not work using Cain or other pwdump type programs anymore, but will still be obtainable with a livecd to view the local hard drive and dump the local system settings). Quote Link to comment Share on other sites More sharing options...
medic327 Posted May 17, 2007 Author Share Posted May 17, 2007 Thanks digip, Am I going to have to reformat / wipe in order to get rid of my LSA secrets or is there a way I can remove them via live CD or right through windows? Quote Link to comment Share on other sites More sharing options...
digip Posted May 17, 2007 Share Posted May 17, 2007 Thanks digip, Am I going to have to reformat / wipe in order to get rid of my LSA secrets or is there a way I can remove them via live CD or right through windows? To remove the hashes you can make the password longer than 14 characters to make it not cache the lm hash. As far as I know you cant remove them via live cd, but when you go to retreive them via live cd there won't be anything in the sam file to crack. I am not sure about NTLM though or how that works but if your using something like Netware or Novell I think it removes them all.(someone else want to confirm this for me?) We use Novell at work and there aren't any hashes to be retreived using lsa secrets. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.