Penetration Testing mailing list archives
Re: [PEN-TEST] Hard-coded passwords in WINNT directory?
From: Andreas Junestam <andreas.junestam () DEFCOM-SEC COM>
Date: Wed, 29 Nov 2000 08:24:58 +0000
Sorry, I know this is somewhat off topic, but it just struck me that this doesn't seem to be common knowledge. When you run rdisk /s you should add a minus after the s, which will suppress the floppy disk question. So, try rdisk /s- instead....

Regards
andreas

At 12:33 2000-11-28 -0600, you wrote:
With RDS, you can rdisk.exe /s the system, then issue a command to copy the repaired sam to the www_root directory, then download it.

OR

Using RDS, enter echo commands to create an FTP script to upload the SAM to an FTP host. That same FTP script can also be used to get Netcat or any other just as suitable (I prefer the NT SSH server) and configure your listening port, and execute commands as you desire.

-----Original Message-----
From: Loschiavo, Dave [mailto:DLoschiavo () FRCC CC CA US]
Sent: Tuesday, November 28, 2000 09:27
To: PEN-TEST () SECURITYFOCUS COM
Subject: Re: [PEN-TEST] Hard-coded passwords in WINNT directory?

How about in cases where null session enumeration isn't possible (firewall, RestrictAnonymous, etc) but where you can get to c:\winnt\repair (via RDS, Unicode, etc) and the system is running a FAT partition? How would you go about sifting the registry for account names and passwords where services are using impersonation?

-----Original Message-----
From: Tom Vandepoel
To: PEN-TEST () SECURITYFOCUS COM
Sent: 11/28/00 3:22 AM
Subject: Re: [PEN-TEST] Hard-coded passwords in WINNT directory?

[snip]

No doubt other interesting tidbits are stored in the registry. The question is how much you can access with a null session of course...

Tom.

--
Tom Vandepoel
Sr. Network Security Engineer
www.ubizen.com
tel +32 (0)16 28 70 00 - fax +32 (0)16 28 71 00
Ubizen - Grensstraat 1b - B-3010 Leuven - Belgium
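A defensive check for the scenario quoted above, where a repair copy of the SAM ends up under the web root: this added example (not code from the thread or its authors) sweeps a web root for files that look like registry hive copies. The function names, the SZDD and regf signature values, and the sample files are assumptions made for this example.

```python
import tempfile
from pathlib import Path

# Signatures assumed here: the MS compress.exe container (the format of
# repair\sam._) and the header of an uncompressed registry hive.
SZDD_MAGIC = b"SZDD\x88\xf0\x27\x33"
HIVE_MAGIC = b"regf"
HIVE_NAMES = {"sam", "security", "system", "software", "default"}


def classify(path):
    """Return why a file looks like a registry hive copy, or None."""
    try:
        with open(path, "rb") as fh:
            head = fh.read(8)
    except OSError:
        return None  # unreadable: skip rather than abort the sweep
    stem = Path(path).name.lower().split(".")[0]
    if head.startswith(HIVE_MAGIC):
        return "uncompressed hive (regf header)"
    if head == SZDD_MAGIC and stem in HIVE_NAMES:
        return "compressed repair copy (SZDD header)"
    if stem in HIVE_NAMES and Path(path).name.endswith("._"):
        return "repair-style file name"
    return None


def sweep(web_root):
    """List (relative path, reason) for suspect files under a web root."""
    root = Path(web_root)
    hits = ((p.relative_to(root).as_posix(), classify(p))
            for p in root.rglob("*") if p.is_file())
    return sorted(h for h in hits if h[1])


def demo():
    """Sweep a constructed web root holding three planted hive copies."""
    samples = {  # constructed sample files, not real hives
        "index.htm": b"<html></html>",
        "sam._": SZDD_MAGIC + b"A\x00" + bytes(16),
        "scripts/backup.dat": HIVE_MAGIC + bytes(28),
        "docs/system._": b"renamed or truncated copy",
    }
    with tempfile.TemporaryDirectory() as tmp:
        for rel, data in samples.items():
            target = Path(tmp, rel)
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_bytes(data)
        return sweep(tmp)
```

Calling `sweep()` on a real document root returns an empty list when nothing matches; a renamed hive is still caught by its header rather than its file name.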