Re: windows 2003 server

[Nicolas RUFF <nicolas.ruff () gmail com>]

> Yea if you used pwdump you need admin privledges to dump the hashes. If
> you manage to get a reverse shell you can ftp the sam from the repair
> folder and the system part of the registry. Then import them into L0pht
> or LCP. If I am not mistaken, the sam file is sysked at level 1 by
> default for 2k3? Could someone verify that for me?

SYSKEY has been enabled by default since Windows 2000.

By the way, "SYSKEY" and "REPAIR" things are of no use on a Domain
Controller (since the original question was about domain password
policy). All user information (including password) is stored in Active
Directory - namely the "NTDS.DIT" file, which is of undocumented format.

By accessing the SAM file on a Domain Controller, you would gain access
to local accounts that existed on the server before DC promotion. If I
remember well, some emergency utilities (like Directory Restore Mode)
make use of this password, but that's all.

Regards,
- Nicolas RUFF


------------------------------------------------------------------------
This List Sponsored by: Cenzic

Are you using SPI, Watchfire or WhiteHat?
Consider getting clear vision with Cenzic
See HOW Now with our 20/20 program!

http://www.cenzic.com/c/2020
------------------------------------------------------------------------