Computer Forums

Old 03-14-2006, 02:26 PM   #1 (permalink)
 
True Techie

Join Date: Mar 2006

Posts: 112

syringe

mscash to md4 ??

Hi

I found this somewhere:

Quote:
MSCASH = MD4( MD4(password ) || lowercase(username) )

Can somebody please explain every step of generating an mscash hash (first generate the md4 hash of the plain text password.......)?

And is there any way to revert an mscash hash to an md4 hash when the salt (=username) is known?

I'd be very grateful for a reply.
Old 03-14-2006, 09:40 PM   #2 (permalink)
 
Ultra Techie

Join Date: Sep 2005

Posts: 638

tommyboy123x

It looks like a way to check to see if the password and username are accepted in some login screen or something. My guess is that MSCASH is a sort of variable or possible access to a db file. The password you log in with is encrypted with the MD4 algorithm, paired with the lowercase(username), and either stored as the variable or checks the file MSCASH to see if it has that username/password combo.

Again, this is only a guess... a little more info would be necessary to accurately tell what it does, such as what the file is called, where the text came from, what language this is in, etc etc.
Old 03-15-2006, 06:43 PM   #3 (permalink)
 
Ultra Techie

Join Date: Jul 2005

Posts: 530

TheHeadFL


Since MDx functions are "message digest" functions, the answer is that no, there is no way to get the original hash from the MSCASH hash, since MD4 (like the more common MD5) is a one-way hash type function.
Old 03-16-2006, 06:44 AM   #4 (permalink)
 
True Techie

Join Date: Mar 2006

Posts: 112

syringe


Hello tommyboy,

It is fine to assume, to guess and to think, but at least try to do a little bit of research. You can provide yourself with the information needed in this case. The MSCash is nothing wrapped in mystery; it is simply the hashing mechanism of Microsoft to store Domain login credentials on the local machine.

Quote:
By default Windows 2000, XP and 2003 systems in a domain or Active Directory tree cache the passwords and credentials of previously logged in users. This is done so that the users can still login again if the Domain Controller or ADS tree can not be reached either because of Controller failure or network problems. These cached passwords are stored as hashes in the local system's registry at the values HKEY_LOCAL_MACHINE\SECURITY\CACHE\NL$1 through NL$10.
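
Added example, not part of any post in this thread: the steps of the formula quoted in the first post, `MSCASH = MD4( MD4(password) || lowercase(username) )`, written out in Python with a self-contained MD4 (RFC 1320). The UTF-16LE encoding of the password and username is not in the quoted formula; it is how Windows feeds strings to the inner NT hash and is assumed here for the username as well. The account names are constructed.

```python
import struct

MASK = 0xFFFFFFFF
# Per RFC 1320: (round function, additive constant, rotate amounts, word order)
_ROUNDS = (
    (lambda x, y, z: (x & y) | (~x & z), 0, (3, 7, 11, 19), list(range(16))),
    (lambda x, y, z: (x & y) | (x & z) | (y & z), 0x5A827999, (3, 5, 9, 13),
     [0, 4, 8, 12, 1, 5, 9, 13, 2, 6, 10, 14, 3, 7, 11, 15]),
    (lambda x, y, z: x ^ y ^ z, 0x6ED9EBA1, (3, 9, 11, 15),
     [0, 8, 4, 12, 2, 10, 6, 14, 1, 9, 5, 13, 3, 11, 7, 15]),
)

def md4(data: bytes) -> bytes:
    """Pure-Python MD4; hashlib's 'md4' depends on the OpenSSL build."""
    # Pad with 0x80, zeros up to 56 mod 64, then the bit length (little-endian).
    msg = data + b"\x80" + b"\x00" * ((55 - len(data)) % 64)
    msg += struct.pack("<Q", (len(data) * 8) & 0xFFFFFFFFFFFFFFFF)
    h = [0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476]
    for off in range(0, len(msg), 64):
        x = struct.unpack("<16I", msg[off:off + 64])
        a, b, c, d = h
        for f, k, shifts, order in _ROUNDS:
            for i, w in enumerate(order):
                t = (a + f(b, c, d) + x[w] + k) & MASK
                s = shifts[i % 4]
                # Rotate left by s, then rotate the register roles.
                a, b, c, d = d, ((t << s) | (t >> (32 - s))) & MASK, b, c
        h = [(p + q) & MASK for p, q in zip(h, (a, b, c, d))]
    return struct.pack("<4I", *h)

def nt_hash(password: str) -> bytes:
    # Step 1: inner MD4 over the UTF-16LE password (the NT hash).
    return md4(password.encode("utf-16-le"))

def mscash(password: str, username: str) -> bytes:
    # Step 2: lowercase the username and encode it as UTF-16LE (the salt).
    # Step 3: outer MD4 over the 16-byte inner hash followed by the salt.
    return md4(nt_hash(password) + username.lower().encode("utf-16-le"))

if __name__ == "__main__":
    # Constructed accounts: same password, different salts.
    for user in ("alice", "ALICE", "bob"):
        print(f"{user:6} {mscash('password', user).hex()}")
```

The username is the only salt and each stage is a single MD4 pass, so the cached value is only as strong as the password behind it.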
