Penetration Testing mailing list archives
Re: [PEN-TEST] admin rights on an IIS 5.0 with unicode bug?
From: robmann () INAME COM
Date: Wed, 28 Mar 2001 04:16:56 -0500
This looks like the F and V-structs stored in the SAM hive of the registry. The one that will be of interest to you is the V-struct (contains an obfuscated LM hash). To get to a l0pht'able hash you need to DES decrypt a 16-byte portion of the V-struct with the user's RID as the key. I.e. if it was the administrator's account you would use a key of 0x01f4. I wrote a bit of code (most of it copied from Petter Nordahl-Hagen's chntpw) to convert raw SAM V-structs to hashes but it's extremely messy. If you really need to get the hashes out, email me offline.

Out of interest, what method did you use to obtain the V-structs in the first place? I almost got there remotely using MS-SQL's extended stored procedure but unfortunately it can read almost any key except for a V-struct.

Rob

-----Original Message-----
From: Renato Ettisberger [mailto:renato.ettisberger () CH PWCGLOBAL COM]
Sent: Tuesday, March 27, 2001 4:48 AM
To: PEN-TEST () SECURITYFOCUS COM
Subject: Re: [PEN-TEST] admin rights on an IIS 5.0 with unicode bug?

BTW: My question is, how can I crack the password hash, when it comes in the following form:

F:0x020020000000000000000000....
V:0x00000000a800000......