Penetration Testing mailing list archives

Previous By Date Next
Previous By Thread Next

RE: Windows 2003 - Dumping Service Passwords

From: Larry Seltzer <Larry () larryseltzer com>
Date: Fri, 24 Nov 2006 06:35:21 -0500
If you have an account on the server then you can use Cain on your

local Windows machine to install the backdoor service Abel onto the
server via SMB, which will then let you dump the LSA Secrets and NT
Hashes. 

Doesn't this require Domain Administrator privileges?

Larry Seltzer
eWEEK.com Security Center Editor
http://security.eweek.com/
http://blog.eweek.com/blogs/larry%5Fseltzer/
Contributing Editor, PC Magazine
larryseltzer () ziffdavis com 

------------------------------------------------------------------------
This List Sponsored by: Cenzic

Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.
http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW
------------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: