Penetration Testing mailing list archives
Re: Sam File via IIS flaw
From: Peter Wood <peterw () firstbase co uk>
Date: Thu, 30 Jun 2005 12:22:33 +0100
pwdump4 is the favourite, from various sites including: http://www.hackingdefined.com/tools/password/Pwdump4.zip Pete At 19:02 28/06/2005 +0000, nordicsmak () yahoo com wrote: >During a recent penetration test I've discovered a flaw in the IIS >server that allows me to browse to and view any file on the system. > >I'm able to browse to the /winnt/repair/sam file, but it obviously is >unusable in the format that's presented in the browser. > >Any way to get this file in a format that can be used in L0pht? > >Thanks, >Chris Peter Wood FBCS CITP MIEEE MIMIS CISSP Chief of Operations First Base Technologies +44 (0)1273 454525 www.fbtechies.co.uk www.white-hats.co.uk
Current thread:
- Sam File via IIS flaw nordicsmak (Jun 30)
- Re: Sam File via IIS flaw Jerome Athias (Jun 30)
- RE: Sam File via IIS flaw Prashant Meswani (Jun 30)
- Re: Sam File via IIS flaw Peter Wood (Jun 30)
- Re: Sam File via IIS flaw Alex Gottschalk (Jun 30)
- Re: Sam File via IIS flaw David Cravshaw (Jun 30)
- Re: Sam File via IIS flaw chillman (Jun 30)
- <Possible follow-ups>
- Re: Sam File via IIS flaw skill2die4 (Jun 30)