Penetration Testing mailing list archives
Re: [PEN-TEST] Hard-coded passwords in WINNT directory?
From: "Loschiavo, Dave" <DLoschiavo () FRCC CC CA US>
Date: Tue, 28 Nov 2000 07:26:57 -0800
How about in cases where null session enumeration isn't possible (firewall, RestrictAnonymous, etc) but where you can get to c:\winnt\repair (via RDS, Unicode, etc) and the sytem is running a FAT partition? How would you go about sifting the registry for account names and passwords where services are using impersonation? -----Original Message----- From: Tom Vandepoel To: PEN-TEST () SECURITYFOCUS COM Sent: 11/28/00 3:22 AM Subject: Re: [PEN-TEST] Hard-coded passwords in WINNT directory? [snip] No doubt other interesting tidbits are stored in the registry. The question is how much you can access with a null session ofcourse... Tom. -- _________________________________________________ Tom Vandepoel Sr. Network Security Engineer www.ubizen.com tel +32 (0)16 28 70 00 - fax +32 (0)16 28 71 00 Ubizen - Grensstraat 1b - B-3010 Leuven - Belgium _________________________________________________
Current thread:
- [PEN-TEST] Hard-coded passwords in WINNT directory? Jonathan Wrathall (Nov 28)
- Re: [PEN-TEST] Hard-coded passwords in WINNT directory? Times Enemy (Nov 28)
- Re: [PEN-TEST] Hard-coded passwords in WINNT directory? Ryan Russell (Nov 28)
- Re: [PEN-TEST] Hard-coded passwords in WINNT directory? Tom Vandepoel (Nov 29)
- Re: [PEN-TEST] Hard-coded passwords in WINNT directory? Kris Carlier (Nov 29)
- <Possible follow-ups>
- Re: [PEN-TEST] Hard-coded passwords in WINNT directory? Plague, Grandmaster (Nov 28)
- Re: [PEN-TEST] Hard-coded passwords in WINNT directory? William Salusky (Nov 28)
- Re: [PEN-TEST] Hard-coded passwords in WINNT directory? Loschiavo, Dave (Nov 29)
- Re: [PEN-TEST] Hard-coded passwords in WINNT directory? Davidson,Sam (Nov 29)
- Re: [PEN-TEST] Hard-coded passwords in WINNT directory? Erik "the Style" Pace (Nov 29)
- Re: [PEN-TEST] Hard-coded passwords in WINNT directory? Andreas Junestam (Nov 30)
- Re: [PEN-TEST] Hard-coded passwords in WINNT directory? Loschiavo, Dave (Nov 29)