Penetration Testing mailing list archives
Re: [PEN-TEST] Dumping NT password hashes from memory
From: "Beauregard, Claude Q" <CQBeauregard () AAAMICHIGAN COM>
Date: Mon, 27 Nov 2000 10:15:48 -0500
If I'm correct, in order for this to work you need to be physically at the server. If you need to do a remote attack then this isn't going to work. I know I found an account on the client machine that provided admin access and used that account to dump the registry into L0phtcrack and I also managed to place VNC on the system so I could run local commands on the server.

-----Original Message-----
From: Penetration Testers [mailto:PEN-TEST () SECURITYFOCUS COM]On Behalf Of Quek, Wei (CA - Calgary)
Sent: Thursday, November 23, 2000 11:54 AM
To: PEN-TEST () SECURITYFOCUS COM
Subject: [PEN-TEST] Dumping NT password hashes from memory

i remember seeing a demo at blackhat where some guys were able to dump an nt password hash from memory and then reloading it with a different one loaded from pwdump and using it to log in remotely into another server.

here's how it works;

1) run pwdump on victim machine to retrieve password hashes for say User1
2) create an account on your local machine called User1 and log into it interactively.
3) run this tool on your local machine to unload the password hash for User1 and replacing it with the password hash from pwdump.
4) net use to the remote victim machine as User1 with the victim password hash.

does anyone have more information on this?

WEi