Penetration Testing mailing list archives
Re: Re: Copying secret windows file
From: cwright () bdosyd com au
Date: 27 Dec 2007 19:06:01 -0000
Hi,

Sorry to destroy your sense of insecurity, but this is not the case. There are a number of methods that may be used to dump SAM in memory. Any user with Debug privileges has effectively full access to memory (and many systems are set this way). On top of this, there are means to obtain access without authorisation.

Take Meterpreter for instance. This toolset comes with "Sam Juicer". Sam Juicer "slides" over a memory channel as a direct memory injection that leaves no disk or registry evidence (hence my push on memory forensics).

Any memory/LSASS, services channel, direct disk or registry hole can be used to get the SAM. The SAM Juicer uses the first. There are other tools for all the other levels.

Regards,
Dr Craig Wright (GSE-Compliance)
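Added example, not part of the original message: a defender's check for the point about Debug privileges, listing which principals hold the "Debug programs" right (SeDebugPrivilege) in a security-policy export in secedit INF format. The sample export, the account SID and the `svc_build` name are constructed, and treating built-in Administrators as the only expected holder is an assumption.

```python
# Added example: audit holders of SeDebugPrivilege from a policy export
# in secedit INF format ([Privilege Rights] section).

ADMINISTRATORS_SID = "S-1-5-32-544"  # built-in Administrators group

# Constructed sample export (not taken from a real host).
SAMPLE_EXPORT = """\
[Unicode]
Unicode=yes
[Privilege Rights]
SeBackupPrivilege = *S-1-5-32-544,*S-1-5-32-551
SeDebugPrivilege = *S-1-5-32-544,*S-1-5-21-1111111111-2222222222-3333333333-1105,svc_build
[Version]
signature="$CHICAGO$"
"""


def privilege_holders(inf_text, privilege):
    """Return the principals assigned `privilege` in [Privilege Rights]."""
    section = None
    for raw in inf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section != "privilege rights" or "=" not in line:
            continue
        name, _, value = line.partition("=")
        if name.strip().lower() == privilege.lower():
            # SIDs carry a leading '*'; unresolved account names appear bare.
            return [p.strip().lstrip("*") for p in value.split(",") if p.strip()]
    return []  # privilege not listed: no principal is assigned it


def unexpected_debug_holders(inf_text, allowed=(ADMINISTRATORS_SID,)):
    """Return SeDebugPrivilege holders outside the allowed set (an assumption)."""
    allowed_set = {a.lower() for a in allowed}
    holders = privilege_holders(inf_text, "SeDebugPrivilege")
    return [p for p in holders if p.lower() not in allowed_set]


if __name__ == "__main__":
    for principal in unexpected_debug_holders(SAMPLE_EXPORT):
        print("SeDebugPrivilege granted beyond Administrators:", principal)
```
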
Current thread:
- Copying secret windows file Clone (Dec 23)
- Re: Copying secret windows file Shreyas Zare (Dec 27)
- Re: Copying secret windows file Marco Ivaldi (Dec 27)
- <Possible follow-ups>
- Re: Copying secret windows file jwbensley (Dec 27)
- Re: Re: Copying secret windows file cwright (Dec 27)