Penetration Testing mailing list archives

Re: Sam File via IIS flaw


From: chillman <charles.gillman () gmail com>
Date: Fri, 1 Jul 2005 09:11:51 +1000

Chris

You are getting the very messy output of a binary file (Backup SAM)
displayed in your browser?

There was a Perl script to reassemble this output into a SAM file
which was used against the old Compaq Insight Manager directory
traversal vulnerability.  I don't have the URL; try AstalaVista or
Google.

Once you have the binary SAM file you can use SAMDUMP to convert it into
PWDump format for importing into your favourite password cracker.

Regards
Charles

On 28 Jun 2005 19:02:54 -0000, nordicsmak () yahoo com
<nordicsmak () yahoo com> wrote:
During a recent penetration test I've discovered a flaw in the IIS server that allows me to browse to and view any file on the system.

I'm able to browse to the /winnt/repair/sam file, but it obviously is unusable in the format that's presented in the browser.

Any way to get this file in a format that can be used in L0pht?

Thanks,
Chris


