Penetration Testing mailing list archives
Re: [PEN-TEST] Security ????
From: "Beauregard, Claude Q" <CQBeauregard () AAAMICHIGAN COM>
Date: Tue, 6 Feb 2001 10:16:12 -0500
If I'm correct, PWDUMP3 will remove the skey, but I haven't had the opportunity to try it myself against an NT/2000 system that has the skey enabled. Try downloading PWDUMP3 and see if it works to remove the skey. Here is the link: http://www.ebiz-tech.com

This version of PWDUMP3 can be used remotely, but you will still need to connect to the system with an ID that has admin access. I usually attach using the "net use" command. This version of PWDUMP also has a problem with large domains (the solution to this problem is being worked on).

If you try it, please post your results. I am interested in learning how well this particular version works.

Thanks
C

-----Original Message-----
From: Penetration Testers [mailto:PEN-TEST () SECURITYFOCUS COM] On Behalf Of Osborne-1, Brett
Sent: Monday, February 05, 2001 2:20 PM
To: PEN-TEST () SECURITYFOCUS COM
Subject: Re: [PEN-TEST] Security ????

SYSKEY has 3 modes (per Q143475, et al.: "autoboot", "floppyboot", and "password boot"). And the results you've captured are hashed with One-Way Functions. Decryption should be impracticable.

B*U*T assume that a system admin using SYSKEY would use "password" mode and create a 14-character password. The result would be a keyspace of about 80+ bits. That is more than a dozen times stronger than 56-bit encryption. Do the math. And that is just regarding cracking the password. With the added need (at least, great benefit) to also gain encryption keys, the use of SYSKEY should make cracking impracticable.

See Microsoft's tomes, as well as Trusted Systems' (trustedsystems.com) papers on NT Security.

Brett Osborne
CLCS Network Security Engineer
"Whenever you eliminate the impossible, whatever remains, however improbable, must be the truth." Sherlock Holmes

-----Original Message-----
From: John Bumgarner [mailto:JBumgarner () MATRIXNETWORKING NET]
Sent: Thursday, February 01, 2001 3:59 PM
To: PEN-TEST () SECURITYFOCUS COM
Subject: [PEN-TEST] Security ????
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

To the list,

Does anyone know of an application that can be used to audit MS Outlook Web Access? I have all the account names gathered through known web holes and the SAM file, but it is encrypted with SYSKEY, which is the next question. Does anyone know how to unencrypt a SAM file that has been encrypted with SYSKEY?

Please respond to me with any questions or comments.

Sincerely,

John Bumgarner
Matrix Networking Group, LLC
11440 Carmel Commons Blvd.
Suite 110
Charlotte, NC 28226
* Voice: (704) 405-3717
* Fax: (704) 405-2662
* mailto:jbumgarner () matrixnetworking net
www.matrixnetworking.net

-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 6.5.8 for non-commercial use <http://www.pgp.com>

iQA/AwUBOnnOIzI5K0kmDqujEQLI2wCgpPvOiBXmyqDyCbLweb4Y6LqqxSIAoOn5
Sw39BNYL1QcrZsKHFxgIPN8K
=Vir2
-----END PGP SIGNATURE-----
Current thread:
- [PEN-TEST] Security ???? John Bumgarner (Feb 01)
- <Possible follow-ups>
- Re: [PEN-TEST] Security ???? Osborne-1, Brett (Feb 05)
- Re: [PEN-TEST] Security ???? Beauregard, Claude Q (Feb 06)