> I've got them using pwddump, so thanks to all on good hints. Just a quick note: you do not need to crack passwords after running PWDUMP.
Since LM and NTLM hashes are not salted, an empty password will always have the same hash. LM empty password = AAD3B435B51404EEAAD3B435B51404EE NTLM empty password = 31D6CFE0D16AE931B73C59D7E0C089C0 At this point, FINDSTR should do the trick ;) Regards, - Nicolas RUFF
