Nmap Development mailing list archives
Re: [NSE] pwdump script
From: David Fifield <david () bamsoftware com>
Date: Wed, 11 Feb 2009 17:14:18 -0700
On Wed, Feb 11, 2009 at 06:05:46PM -0600, Ron wrote:
> David Fifield wrote:
>> I changed the setting from guest to classic and ran again.
>>
>> $ ./nmap --datadir=. -PN -d2 -p139,445 --script=smb-pwdump --script-args=smbuser=jrandom,smbpass=jrandom 192.168.0.190
>>
>> Host script results:
>> |_ smb-pwdump: ERROR: Couldn't create the service on the remote machine: NT_STATUS_UNKNOWN (0x000006e4) (svcctl.openscmanagerw)
>
> I haven't been able to figure out how to access the service control service on Windows XP. I've spent a lot of time on that issue, and unfortunately I haven't been able to resolve it. I even posted to the Metasploit mailing list, since they do it, but it didn't help. Currently, it'll work against Windows 2000 or 2003.

Sorry, you totally mentioned that but somehow I missed it. You said: "...finding a tool that can remotely dump hashes from Linux isn't easy (Metasploit is one way, but it's even more invasive than this)." If this has a chance to become the standard Unix-based hash grabber then it's worth pursuing. I agree there's a big difference between logging in with a user name you know and exploiting some vulnerability to get the hashes.

David Fifield