Metasploit mailing list archives

Re: Simple script to swap hashes in SAM ..


From: John Nash <rootsecurityfreak () gmail com>
Date: Wed, 8 Sep 2010 09:39:47 +0530

Daniel,

As I mentioned, I am aware I can create a new user or simply change the
existing user's password. I was merely checking if there could be a third,
novel way to solve this problem.



On Tue, Sep 7, 2010 at 10:45 PM, Daniel Clemens <daniel.clemens () packetninjas net> wrote:


On Sep 7, 2010, at 4:18 AM, John Nash wrote:

Hello List,

While trying some post exploitation, one of the major issues I guess is
to log in to the system as a user over RDP.

Hrm.
A screenshot seems to be worth a thousand words.

We can do this in a couple of ways:

      • create a new user <--- will create alarms

Who really cares if it creates alarms.
Seriously, 99% of the time the response time will be nominal and no one will
respond, so why worry about it.
If you have the ability to create accounts then it's most likely game over
already and you've exploited what needs to be exploited to prove insecurity.

      • change the password of existing user

In case of (2), I was wondering whether it would be possible to just swap the
existing hash with a new one (we know the password which hashes to this one)
.... then do all we need to on the remote system ....
then just replace the old hash for the original password back into the
SAM.

Or crack the hashes so you know the password.

Is there any reason why this should not be possible? If not, a
Meterpreter script could do this job very easily ....

thoughts?

It seems like you're asking the wrong questions.
My rule of thumb with any assessment or engagement is to first assess if I
am asking the wrong questions.
If I'm asking the wrong questions I'll always get the wrong answers.
Though this is a novel idea, I don't think it's that valuable in the long
run.


| Daniel Uriah Clemens
| Packetninjas L.L.C | | http://www.packetninjas.net
| c. 205.567.6850      | | o. 866.267.8851
"Moments of sorrow are moments of sobriety"

_______________________________________________
https://mail.metasploit.com/mailman/listinfo/framework