Penetration Testing mailing list archives
RE: SAM file editing
From: Matthew Long <matthew.long () loftusitns co uk>
Date: Mon, 25 Jun 2001 09:05:36 +0100
It's not quite the same as "editing the SAM", but say you find the Domain Admin password is "abcdefgh", and you log in locally on your machine and set the local admin password to "abcdefgh" as well. Then when you try to access the network while logged in as the local account, you may find that you can get domain-level access, because the MS authentication doesn't seem to check the domain and just passes through the username and password.

I know this works for ipc$ shares, but has anyone got any documentation on any other exploitations of this?

-----Original Message-----
From: Russell, Pat [mailto:pat.russell () jlspecialty com]
Sent: 22 June 2001 12:46
To:
Subject: SAM file editing

Is it possible to edit the SAM file in NT4.0 without using an external program? I have an incident where someone gave himself administrative rights the domain but insists "all" he did was modify the SAM file on the local machine. This doesn't sound right, but I am not sure.

Thanks for any help...

Pat Russell
Process Control & Automation Engineer
J&L Specialty Steel, Inc.
pat.russell () jlspecialty com