Re: cracking Y2k DC Admin password

[Hari Sekhon <hpsekhon () googlemail com>]

Hi,
  I've found cachedump to be reliable in the past, lsadump caused some 
crashing problems for me at the time so I didn't use it.

Could somebody tell me how to go about retrieving the hashes from the 
offline sam file. Is there a way? And if so what form do the hashes come 
in, DES?


Thanks

-h

--
Hari Sekhon


On 9/25/06, s-williams () nyc rr com <s-williams () nyc rr com> wrote:
> > Or if you go to the %systemroot%repair in that folder you should see 
> > a backup of the sam and the system file feed that to lcp, saminside, 
> > lc5, anyone and you have your passwords.
> > Sent via BlackBerry from T-Mobile
> >
> > -----Original Message-----
> > From: okrehel () loews com
> > Date: Mon, 25 Sep 2006 11:20:46
> > To:juanbabi () yahoo com
> > Cc:listbounce () securityfocus com, pen-test () securityfocus com
> > Subject: Re: cracking Y2k DC Admin password
> >
> > try
> >
> > - rescue in windows folder and backup sam file from it, it has admin
> > credentials, johny the riper, LC, and ophcrack will do the job - with 
> > hash
> > tables....
> > - use cachedump to dump cached credentials on that server, maybe 
> > admin was
> > signed on (default is 5 accounts cached)
> > - use lsadump2 to dump passwords of running services, maybe some of 
> > them is
> > running with the local admin credentials
> >
> > Ondrej Krehel, CISSP, CEH
> >
> >
> >
> >
> >              juanbabi () yahoo co
> >              m
> >              Sent 
> > by:                                                   To
> >              listbounce@securi         pen-test () securityfocus com
> >              
> > tyfocus.com                                                cc
> >
> >                                                                    
> > Subject
> >              09/22/2006 08:45          cracking Y2k DC Admin password
> >              PM
> >
> >
> >
> >
> > Hi,
> >
> >
> > for a pen test in doing I got control on the server and logged as the 
> > local
> > admin. know I need to retrive the admin's password this is the goal 
> > of the
> > pen test from the client side. I know an easy way to crack the sam file
> > with a live linux cd but I cant boot the server it needs to be 
> > allways up.
> > I tried to use pwdump.exe but it tells me he cand find the local ADMIN$
> > shere. so it wont work.does someone knows a good way to retrive and 
> > crack
> > the admin's password.I an really stuck on this...
> >
> >
> > thanks very much !
> >
> > Juan

------------------------------------------------------------------------
This List Sponsored by: Cenzic

Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.
http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW
------------------------------------------------------------------------