Penetration Testing mailing list archives
Re: cracking Y2k DC Admin password
From: killy <killfactory () gmail com>
Date: Thu, 28 Sep 2006 16:24:58 -0400
Hi Juan, Try this. If the Domain Admin has recently logged into the server, simply run 'dumpcache'. If you have the Domain Admins hash, then you run John the Ripper or Cain and Able to crack it. Follow carefully, with Cain program running, select cracker--> then highlight MS-cache hashes --> then select the '+' sign. this will dump ms-cache on your local pc. now go into program files/cain and look for cache.lst. open it and view the format of the captured hash. compare it to the output of the dumpcahce program. simply copy your dump cache into the cache.lst in the Cain format. now open Cain and you will see your captured hash from the domain admin account. Now you can either brute force it or use the Rainbow table option. I hope that was clear. Sorry I am in a hurry. feel free to contact me off line. On 23 Sep 2006 00:45:03 -0000, juanbabi () yahoo com <juanbabi () yahoo com> wrote:
Hi, for a pen test in doing I got control on the server and logged as the local admin. know I need to retrive the admin's password this is the goal of the pen test from the client side. I know an easy way to crack the sam file with a live linux cd but I cant boot the server it needs to be allways up. I tried to use pwdump.exe but it tells me he cand find the local ADMIN$ shere. so it wont work.does someone knows a good way to retrive and crack the admin's password.I an really stuck on this... thanks very much ! Juan ------------------------------------------------------------------------ This List Sponsored by: Cenzic Need to secure your web apps? Cenzic Hailstorm finds vulnerabilities fast. Click the link to buy it, try it or download Hailstorm for FREE. http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW ------------------------------------------------------------------------
-- If you spend more on coffee than on IT security, you will be hacked. What's more, you deserve to be hacked. -- former White House cybersecurity czar Richard Clarke ------------------------------------------------------------------------ This List Sponsored by: Cenzic Need to secure your web apps? Cenzic Hailstorm finds vulnerabilities fast. Click the link to buy it, try it or download Hailstorm for FREE. http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW ------------------------------------------------------------------------
Current thread:
- cracking Y2k DC Admin password juanbabi (Sep 23)
- RE: cracking Y2k DC Admin password Bud Gordon (Sep 24)
- Re: cracking Y2k DC Admin password s-williams (Sep 24)
- Re: cracking Y2k DC Admin password okrehel (Sep 25)
- Re: cracking Y2k DC Admin password s-williams (Sep 25)
- Re: cracking Y2k DC Admin password Devin Ertel (Sep 26)
- Re: cracking Y2k DC Admin password Hari Sekhon (Sep 27)
- Re: cracking Y2k DC Admin password Jerome Athias (Sep 27)
- Re: cracking Y2k DC Admin password Machiavel (Sep 27)
- Re: cracking Y2k DC Admin password Lee Lawson (Sep 28)
- Re: cracking Y2k DC Admin password s-williams (Sep 25)
- <Possible follow-ups>
- RE: cracking Y2k DC Admin password Shenk, Jerry A (Sep 24)
- RE: cracking Y2k DC Admin password Hiten Pankhania (Sep 25)
- Re: RE: cracking Y2k DC Admin password philippe (Sep 25)
- cracking Y2k DC Admin password Steve Armstrong (Sep 25)