
Deleting Old LSA Secrets


medic327

First and foremost: If I posted this in the wrong place I'm sorry. I just joined the forum and am still getting the lay of the land.

I'm trying to figure out how to delete a few old LSA secrets which Trillian stored a while back. I uninstalled the program but that did not change anything. When I open up regedit and try to get to HKEY_LOCAL_MACHINE\Security\Policy\Secrets I am only able to see that the directory exists but I cannot expand the tree any further.

Forgive me if this is a noobish question, but I haven't dealt much with this kinda stuff before.


LSA Secrets should be made unreadable by other programs with the latest patches from Microsoft (i.e., does not work using Cain or other pwdump-type programs anymore, but will still be obtainable with a live CD to view the local hard drive and dump the local system settings).


Thanks digip,

Am I going to have to reformat / wipe in order to get rid of my LSA secrets or is there a way I can remove them via live CD or right through Windows?

To remove the hashes you can make the password longer than 14 characters to make it not cache the LM hash.

As far as I know you can't remove them via live CD, but when you go to retrieve them via live CD there won't be anything in the SAM file to crack. I am not sure about NTLM though or how that works, but if you're using something like NetWare or Novell I think it removes them all. (Someone else want to confirm this for me?) We use Novell at work and there aren't any hashes to be retrieved using LSA secrets.
