Penetration Testing mailing list archives
Re: cracking Y2k DC Admin password
From: Machiavel <pierreluc.giguere () gmail com>
Date: Wed, 27 Sep 2006 20:10:39 -0400
Hi! IronGeek wrote a cool article about cracking local SAM with SYSKEY: http://www.irongeek.com/i.php?page=security/vistasamcrack The above article is about Windows Vista Beta 2 but it also links to other articles he wrote about the same topic. Cheers Machiavel On 9/27/06, Hari Sekhon <hpsekhon () googlemail com> wrote:
Hi, I've found cachedump to be reliable in the past, lsadump caused some crashing problems for me at the time so I didn't use it. Could somebody tell me how to go about retrieving the hashes from the offline sam file. Is there a way? And if so what form do the hashes come in, DES? Thanks -h -- Hari Sekhon On 9/25/06, s-williams () nyc rr com <s-williams () nyc rr com> wrote: >> Or if you go to the %systemroot%repair in that folder you should see >> a backup of the sam and the system file feed that to lcp, saminside, >> lc5, anyone and you have your passwords. >> Sent via BlackBerry from T-Mobile >> >> -----Original Message----- >> From: okrehel () loews com >> Date: Mon, 25 Sep 2006 11:20:46 >> To:juanbabi () yahoo com >> Cc:listbounce () securityfocus com, pen-test () securityfocus com >> Subject: Re: cracking Y2k DC Admin password >> >> try >> >> - rescue in windows folder and backup sam file from it, it has admin >> credentials, johny the riper, LC, and ophcrack will do the job - with >> hash >> tables.... >> - use cachedump to dump cached credentials on that server, maybe >> admin was >> signed on (default is 5 accounts cached) >> - use lsadump2 to dump passwords of running services, maybe some of >> them is >> running with the local admin credentials >> >> Ondrej Krehel, CISSP, CEH >> >> >> >> >> juanbabi () yahoo co >> m >> Sent >> by: To >> listbounce@securi pen-test () securityfocus com >> >> tyfocus.com cc >> >> >> Subject >> 09/22/2006 08:45 cracking Y2k DC Admin password >> PM >> >> >> >> >> Hi, >> >> >> for a pen test in doing I got control on the server and logged as the >> local >> admin. know I need to retrive the admin's password this is the goal >> of the >> pen test from the client side. I know an easy way to crack the sam file >> with a live linux cd but I cant boot the server it needs to be >> allways up. >> I tried to use pwdump.exe but it tells me he cand find the local ADMIN$ >> shere. so it wont work.does someone knows a good way to retrive and >> crack >> the admin's password.I an really stuck on this... >> >> >> thanks very much ! >> >> Juan ------------------------------------------------------------------------ This List Sponsored by: Cenzic Need to secure your web apps? Cenzic Hailstorm finds vulnerabilities fast. Click the link to buy it, try it or download Hailstorm for FREE. http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW ------------------------------------------------------------------------
------------------------------------------------------------------------ This List Sponsored by: Cenzic Need to secure your web apps? Cenzic Hailstorm finds vulnerabilities fast. Click the link to buy it, try it or download Hailstorm for FREE. http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW ------------------------------------------------------------------------
Current thread:
- cracking Y2k DC Admin password juanbabi (Sep 23)
- RE: cracking Y2k DC Admin password Bud Gordon (Sep 24)
- Re: cracking Y2k DC Admin password s-williams (Sep 24)
- Re: cracking Y2k DC Admin password okrehel (Sep 25)
- Re: cracking Y2k DC Admin password s-williams (Sep 25)
- Re: cracking Y2k DC Admin password Devin Ertel (Sep 26)
- Re: cracking Y2k DC Admin password Hari Sekhon (Sep 27)
- Re: cracking Y2k DC Admin password Jerome Athias (Sep 27)
- Re: cracking Y2k DC Admin password Machiavel (Sep 27)
- Re: cracking Y2k DC Admin password Lee Lawson (Sep 28)
- Re: cracking Y2k DC Admin password s-williams (Sep 25)
- <Possible follow-ups>
- RE: cracking Y2k DC Admin password Shenk, Jerry A (Sep 24)
- RE: cracking Y2k DC Admin password Hiten Pankhania (Sep 25)
- Re: RE: cracking Y2k DC Admin password philippe (Sep 25)
- cracking Y2k DC Admin password Steve Armstrong (Sep 25)