Penetration Testing mailing list archives
Re: [PEN-TEST] Hard-coded passwords in WINNT directory?
From: Tom Vandepoel <Tom.Vandepoel () UBIZEN COM>
Date: Tue, 28 Nov 2000 12:22:03 +0100
Jonathan Wrathall wrote:
During a test of a client's IIS web server, I've encountered the following scenario:

1. I am able to view files in the WINNT directory using the "MS Index Server '%20' ASP Source Disclosure Vulnerability" vulnerability.
2. I am able to connect to IPC$, and I've used dumpsec to get the userlist etc.
3. The winnt/system32/repair/sam._ file does not appear to be present.

Can anyone suggest other files that might reveal hard-coded passwords, or other valuable information?

If you have remote registry access, try browsing that. Somarsoft's 'dumpreg' is your friend (http://www.systemtools.com/somarsoft)...

I recently had a major stroke of luck on a system which had VNC installed; VNC stores its password hash in the registry and the encryption is reversible, just use 'vncdec.c'. This VNC password also appeared to be the 'administrator' password ;-)

No doubt other interesting tidbits are stored in the registry. The question is how much you can access with a null session, of course...

Tom.

--
Tom Vandepoel
Sr. Network Security Engineer
www.ubizen.com
tel +32 (0)16 28 70 00 - fax +32 (0)16 28 71 00
Ubizen - Grensstraat 1b - B-3010 Leuven - Belgium