Penetration Testing mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Re: Password Crack an OU in Windows 2003

From: Matthew Webster <awakenings () mindspring com>
Date: Wed, 10 Oct 2007 13:33:02 -0400 (EDT)
Folks,

    I performed an LDAPquery and listed the users in the OU.  I just used pwdump to collect all of the information from 
the domain then greped out the pertinent hashes.

Thanks,

Matt

-----Original Message-----

From: ben.dexter () act gov au
Sent: Oct 10, 2007 2:44 AM
To: pen-test () securityfocus com
Subject: Re: Re: Password Crack an OU in Windows 2003

No you don't. However, the main issue appears to be cracking a limited subset of the AD database. 

Michael, assuming you have been able to dump the username/hashes from a DC to a file could you just get a listing of 
the appropriate users (net group? I'm going on a leap of faith that they will all have at least one group in common as 
they are all in the same OU, or use Hyena etc) and filter out all of the other username/hashes prior to cracking?

Ben.

------------------------------------------------------------------------
This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!

http://www.cenzic.com/downloads
------------------------------------------------------------------------






------------------------------------------------------------------------
This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!

http://www.cenzic.com/downloads
------------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: