Re: Windows XP / 2K3 Default Users

[pand0ra <pand0ra.usa () gmail com>]

shmoo has a pretty good set of rainbow tables.

On 10/28/06, Machiavel <pierreluc.giguere () gmail com> wrote:
> Hi list,
>
> That brings another question. Guys, what is your source for rainbow
> tables. I mean are you generating them or you just downloaded them
> somwhere.
>
> Mines are still generating :)
>
> Thanks
>
> --
> Machiavel
>
> On 10/26/06, ep <captgoodnight () hotmail com> wrote:
> > I crack these routinely when pentesting/playing, granted, it's by pushing
> > the sam through rainbow tables, thus admin access...
> > Basically, any sam once in hand, is cracked these days via rainbowtables.
> > There're ways to prevent this from happening, but most admins don't go that
> > extra step...
> >
> > --cg
> >
> > -----Original Message-----
> > From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On
> > Behalf Of Joey Peloquin
> > Sent: Wednesday, October 25, 2006 12:38 PM
> > To: s-williams () nyc rr com; Pen-Testing
> > Subject: Re: Windows XP / 2K3 Default Users
> >
> > s-williams () nyc rr com wrote:
> > > Hello list this might be an easy question to answer but have anyone
> > >been sucessful in using windows built in default accounts when doing a
> > >password audit. I
> > know  most
> > >xp machines has (help assitant and support_xxxxxxxx). Is their a
> > >default
> > list out
> > >there some where with various vendor OS  passwords, or a way to figure
> > >out the password for these accounts.
> > > Sent via BlackBerry from T-Mobile
> >
> > You can try to crack them through normal means, but it'd likely be a futile
> > act since a) they are randomized and *extremely* complex (as far as I
> > recall) and b) even my ~13 year old knows to restrict these accounts.  There
> > are clueless admins out there though, so, *shrug*.
> >
> > -jp
> >
> >
> >
> > ------------------------------------------------------------------------
> > This List Sponsored by: Cenzic
> >
> > Need to secure your web apps?
> > Cenzic Hailstorm finds vulnerabilities fast.
> > Click the link to buy it, try it or download Hailstorm for FREE.
> > http://www.cenzic.com/products_services/download_hailstorm.php?camp=70160000
> > 0008bOW
> > ------------------------------------------------------------------------
> >
> >
> >
> > ------------------------------------------------------------------------
> > This List Sponsored by: Cenzic
> >
> > Need to secure your web apps?
> > Cenzic Hailstorm finds vulnerabilities fast.
> > Click the link to buy it, try it or download Hailstorm for FREE.
> > http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW
> > ------------------------------------------------------------------------
> >
> >
>
> ------------------------------------------------------------------------
> This List Sponsored by: Cenzic
>
> Need to secure your web apps?
> Cenzic Hailstorm finds vulnerabilities fast.
> Click the link to buy it, try it or download Hailstorm for FREE.
> http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW
> ------------------------------------------------------------------------

------------------------------------------------------------------------
This List Sponsored by: Cenzic

Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.
http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW
------------------------------------------------------------------------