wireshark_secret
Ctrl+shirt+v
8、热心助人的小明同学
使用工具volatility查看镜像的信息
volatility_2.6_win64_standalone -f image.raw imageinfo
列出所有用户和密码:
volatility_2.6_win64_standalone -f image.raw --profile=Win7SP1x86_23418 hashdump
Xiaohong这个用户的密码解不开
3fa7d7d3c37b8e9baaf6ed13d70ed858
volatility_2.6_win64_standalone -f image.raw --profile=Win7SP1x86_23418 lsadump
ZDFyVDlfdTNlUl9wNHNTdzByRF9IQUNLRVIh
flag{ZDFyVDlfdTNlUl9wNHNTdzByRF9IQUNLRVIh}
