Penetration Testing mailing list archives
Re: Sam File via IIS flaw
From: David Cravshaw <david.cravshaw () gmail com>
Date: Thu, 30 Jun 2005 12:11:54 -0500
I recently ran into a similar issue. Since the browser doesn't interpret the sam file particularly well, you'll need something else to pull it down. wget worked just fine in my case.

Also note that, due to syskey (enabled by default on win2000+), you will need to pull down /winnt/repair/system and use something like SAMInside that Jerome mentioned to extract the hashes from the sam using the syskey in the system file. Then you have the hashes in l0pht-able, or more preferably, rainbowcrack-able format!

On 28 Jun 2005 19:02:54 -0000, nordicsmak () yahoo com <nordicsmak () yahoo com> wrote:
> During a recent penetration test I've discovered a flaw in the IIS server that allows me to browse to and view any file on the system. I'm able to browse to the /winnt/repair/sam file, but it obviously is unusable in the format that's presented in the browser. Any way to get this file in a format that can be used in L0pht?
>
> Thanks,
> Chris