Penetration Testing mailing list archives

Re: [PEN-TEST] Security ????


From: "Beauregard, Claude Q" <CQBeauregard () AAAMICHIGAN COM>
Date: Tue, 6 Feb 2001 10:16:12 -0500

If I'm correct, PWDUMP3 will remove the skey, but I haven't had the
opportunity to try it myself against an NT/2000 system that has the skey
enabled. Try downloading PWDUMP3 and see if it works to remove the skey.
Here is the link:
http://www.ebiz-tech.com This version of PWDUMP3
can be used remotely, but you will still need to connect to the system with
an ID that has admin access. I usually attach using the "net use" command.
This version of PWDUMP also has a problem with large domains (the solution
to this problem is being worked on). If you try it, please post your results;
I'm interested in learning how well this particular version works.

Thanks
C


-----Original Message-----
From: Penetration Testers [mailto:PEN-TEST () SECURITYFOCUS COM]On Behalf Of
Osborne-1, Brett
Sent: Monday, February 05, 2001 2:20 PM
To: PEN-TEST () SECURITYFOCUS COM
Subject: Re: [PEN-TEST] Security ????


SYSKEY has 3 modes (per Q143475, et al.: "autoboot", "floppyboot", and
"password boot"). And the results you've captured are hashed with One-Way
Functions. Decryption should be unpracticable.

B*U*T assume that a system admin using SYSKEY would use "password" mode and
create a 14-character password. The result would be a keyspace of about 80+
bits. That is more than a dozen times stronger than 56-bit encryption. Do
the math. And that is just regarding cracking the password. With the added need
(at least, great benefit) to also gain encryption keys, the use of SYSKEY
should make cracking impracticable.

See Microsoft's tomes, as well as Trusted Systems' (trustedsystems.com)
papers on NT Security.

Brett Osborne
CLCS Network Security Engineer
"Whenever you eliminate the impossible, whatever remains, however
improbable, must be the truth." Sherlock Holmes

-----Original Message-----
From: John Bumgarner [mailto:JBumgarner () MATRIXNETWORKING NET]
Sent: Thursday, February 01, 2001 3:59 PM
To: PEN-TEST () SECURITYFOCUS COM
Subject: [PEN-TEST] Security ????



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

To the list,

Does anyone know of an application that can be used to audit MS
Outlook Web Access?  I have all the account names gathered through
known web holes and the SAM file, but it is encrypted with SYSKEY,
which is the next question.

Does anyone know how to unencrypt a SAM file that has been
encrypted with SYSKEY?

Please respond to me with any questions or comments.

Sincerely,

John Bumgarner
Matrix Networking Group, LLC
11440 Carmel Commons Blvd.
Suite 110
Charlotte, NC  28226
* Voice:  (704) 405-3717
* Fax:     (704) 405-2662
* mailto:jbumgarner () matrixnetworking net
       www.matrixnetworking.net




-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 6.5.8 for non-commercial use <http://www.pgp.com>

iQA/AwUBOnnOIzI5K0kmDqujEQLI2wCgpPvOiBXmyqDyCbLweb4Y6LqqxSIAoOn5
Sw39BNYL1QcrZsKHFxgIPN8K
=Vir2
-----END PGP SIGNATURE-----

