Penetration Testing mailing list archives

Encrypted SAM file


From: "Beauregard, Claude Q" <CQBeauregard () aaamichigan com>
Date: Fri, 29 Jun 2001 10:10:22 -0400

Interesting problem. 

I was trying to use pwdump3 to download the hashes from an NT server. The
problem is that this server will not allow access to the admin share.
However, I was able to gain access to the C$ using Hyena and an admin-
equivalent user account, which also does not have access to the admin share.
I was able to access the repair directory and get the compressed SAM and
expand it. The file appears to be encrypted using the Syskey. Any ideas on
how to get past the encryption? I thought that there was a way to use
pwdump3 to do this, but it's looking for a server name, not a file name.

--------------------------------------------------------------------------------------

This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service
For more information on SecurityFocus' SIA service which automatically alerts you to 
the latest security vulnerabilities please see:

https://alerts.securityfocus.com/

