1. 技术文章
  2. Retrieving Windows Password Hint from the registry

Retrieving Windows Password Hint from the registry

随声附和 提交于 2020-01-15 12:25:11

问题


I have been trying to extract the Windows login password hint for Windows 7 programmatically and I came to know it can be retrieved from the following location in the registry HKLM\SAM\SAM\Domains\Account\Users\"userkey"\UserPasswordHint However, I am not able to figure out is there any way to find out userkey for the currently logged-on user programmatically?


回答1:


If you can get the current user name, it's quite easy, using the same registry tree.

Take a look in HKLM\SAM\SAM\Domains\Account\Users\Names\{username}. The value of the entry would relate to the proper userkey.

Of course remember the hint may not exist.

EDIT

Ha! Nailed it!

As you said in a comment, it's not the values of the node that contain the proper value, it's the type of a default entry of that node. It's hard, if not impossible, to obtain with c#, as this types are not standard. I have troubles with this approach, so I changed it.

The hexadecimal value you call the userkey is, in fact, the last part of the user SID (this part is called RID). As far as I know, every Administrator has RID = 500, every Guest = 501, normal users starting with 1000 or 1001, can't remember right now.

And what is it in hexadecimal?

500 = 0x1f4
501 = 0x1f5
1000= 0x3e9
...

Looks familiar?

So what we need to do is to get this SID of a user, extract the interesting part, convert it to padded hexadecimal string and retrieve the value.

static void Main(string[] args)
{
    SecurityIdentifier sid = System.Security.Principal.WindowsIdentity.GetCurrent().User;
    var rid = sid.ToString().Split('-').Last();
    var hexValue = int.Parse(rid).ToString("X").PadLeft(8, '0');
    RegistryKey key = Registry.LocalMachine.OpenSubKey(@"SAM\SAM\Domains\Account\Users\"+hexValue);
    try
    {
        var hint = key.GetValue("UserPasswordHint");
        //...
    }
    catch (Exception)
    {
        Console.WriteLine("Could not access value");
    }
}

WATCH OUT!

As far as I know you cannot access SAM database if you're not privileged enough. Running it as System user (e.g. with psexec -s yourbinary.exe) helps, but it changes the current user, and the program fails. So you need to work out on your own how to run it for an interesting user.



来源:https://stackoverflow.com/questions/26398156/retrieving-windows-password-hint-from-the-registry

标签
.net
windows
c#-4.0
regedit
易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!