Penetration Testing mailing list archives

RE: Password audits

From: "Paul Melson" <pmelson () gmail com>
Date: Wed, 25 Oct 2006 09:43:26 -0400

-----Original Message-----
Subject: Password audits

I know there are many ways to get a pw dump from a DC but my question is

this.

What is the safest way to get that, so that you dont risk having a DC need

to reboot or have to install > software on the DC?

How about restoring the DC to another machine/vm (off the production
network, of course) and doing the analysis on the clone?  That way you can
use whatever tool(s) you want and even take the machine offline and boot
from other media if you need.

PaulM



------------------------------------------------------------------------
This List Sponsored by: Cenzic

Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.
http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW
------------------------------------------------------------------------

Current thread:

Password audits xelerated (Oct 24)
- Re: Password audits pand0ra (Oct 24)
- Re: Password audits shaun (Oct 24)
- RE: Password audits Paul Melson (Oct 25)
- RE: Password audits Isaac Van Name (Oct 25)
  - Re: Password audits Lanny Trager (Oct 26)
- <Possible follow-ups>
- RE: Password audits Scott Ramsdell (Oct 25)