I obtained a Domain Cache dump via cachedump SYSTEM SECURITY. I ran oclhashcat on the hash using hash type 1000 for NTLM. Oclhashcat picked up the hash, but didn't match any passwords. Since then I noticed that hash type 1100 is for Domain Cached Credentials. Do I need to re-run oclhashcat using 1100, or would 1000 work if I had the right password?