从注册表中检索Windows密码提示 [英] Retrieving Windows Password Hint from the registry

问题描述

我一直在尝试以编程方式提取Windows 7的Windows登录密码提示，并且我知道可以从注册表
中的以下位置检索它： HKLM\SAM\SAM\ Domains\Account\Users\ userkey \UserPasswordHint
但是，我不知道有什么方法可以找到 userkey

解决方案

如果能够以编程方式为当前登录的用户设置$ c>，则很容易，使用相同的注册表树。

看看 HKLM\SAM\SAM\域\帐户\用户\名称\ {username} 。条目的值将与正确的 userkey 相关。

当然请记住提示可能不存在。 / p>

编辑

哈！

正如您在评论中所说，不是包含正确值的节点值，而是该节点的默认条目的类型。使用c＃很难（即使不是不可能），因为这种类型不是标准类型。

您称为 userkey 的十六进制值是实际上，用户SID的最后一部分（这部分称为RID）。据我所知，每个管理员的RID = 500，每个Guest = 501，以1000或1001开头的普通用户现在都不记得了。

  500 = 0x1f4 
 501 = 0x1f5 
 1000 = 0x3e9 
 ... 
  

您熟悉吗？

所以我们要做的是获取用户的SID，提取有趣的部分，将其转换为填充的十六进制字符串，然后获取值。

 静态void Main（string [] args）
 {
 SecurityIdentifier sid = System.Security.Principal.WindowsIdentity.GetCurrent （）。用户; 
 var rid = sid.ToString（）。Split（’-’）。Last（）; 
 var hexValue = int.Parse（rid）.ToString（ X）。PadLeft（8，‘0’）; 
 RegistryKey密钥= Registry.LocalMachine.OpenSubKey（@ SAM\SAM\域\帐户\用户\ + hexValue）; 
 try 
 {
 var hint = key.GetValue（ UserPasswordHint）; 
 // ... 
} 
 catch（异常）
 {
 Console.WriteLine（无法访问值）; 
} 
} 
  

观看！

据我所知，如果您没有足够的特权，则无法访问SAM数据库。以系统用户身份（例如，使用 psexec -s yourbinary.exe ）运行该命令很有帮助，但它更改了当前用户，并且程序失败。因此，您需要自己研究如何为感兴趣的用户运行它。

I have been trying to extract the Windows login password hint for Windows 7 programmatically and I came to know it can be retrieved from the following location in the registry HKLM\SAM\SAM\Domains\Account\Users\"userkey"\UserPasswordHint However, I am not able to figure out is there any way to find out userkey for the currently logged-on user programmatically?

解决方案

If you can get the current user name, it's quite easy, using the same registry tree.

Take a look in HKLM\SAM\SAM\Domains\Account\Users\Names\{username}. The value of the entry would relate to the proper userkey.

Of course remember the hint may not exist.

EDIT

Ha! Nailed it!

As you said in a comment, it's not the values of the node that contain the proper value, it's the type of a default entry of that node. It's hard, if not impossible, to obtain with c#, as this types are not standard. I have troubles with this approach, so I changed it.

The hexadecimal value you call the userkey is, in fact, the last part of the user SID (this part is called RID). As far as I know, every Administrator has RID = 500, every Guest = 501, normal users starting with 1000 or 1001, can't remember right now.

And what is it in hexadecimal?

500 = 0x1f4
501 = 0x1f5
1000= 0x3e9
...

Looks familiar?

So what we need to do is to get this SID of a user, extract the interesting part, convert it to padded hexadecimal string and retrieve the value.

static void Main(string[] args)
{
    SecurityIdentifier sid = System.Security.Principal.WindowsIdentity.GetCurrent().User;
    var rid = sid.ToString().Split('-').Last();
    var hexValue = int.Parse(rid).ToString("X").PadLeft(8, '0');
    RegistryKey key = Registry.LocalMachine.OpenSubKey(@"SAM\SAM\Domains\Account\Users\"+hexValue);
    try
    {
        var hint = key.GetValue("UserPasswordHint");
        //...
    }
    catch (Exception)
    {
        Console.WriteLine("Could not access value");
    }
}

WATCH OUT!

As far as I know you cannot access SAM database if you're not privileged enough. Running it as System user (e.g. with psexec -s yourbinary.exe) helps, but it changes the current user, and the program fails. So you need to work out on your own how to run it for an interesting user.

这篇关于从注册表中检索Windows密码提示的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！