Penetration Testing mailing list archives
Re: Password audit in 2008 DC
From: Nikhil Wagholikar <visitnikhil () gmail com>
Date: Fri, 16 Apr 2010 10:24:44 +0530
Hello Adrian, Helix has utilities to dump SAM file. You can run it on the Microsoft Windows 2008 DC and safely dump the local SAM file to a normal TXT file. --- Nikhil Wagholikar Practice Lead | Security Assessments & Digital Forensics Network Intelligence India Pvt. Ltd. [NII Consulting] Web: http://www.niiconsulting.com/ Comprehensive Information Security Training http://iisecurity.in/courses/Training Calendar.html On 15 April 2010 06:42, Adrian Rodriguez <adrian.rodriguez () digiware net> wrote:
Hello, I have a client that requires a password audit to it´s DC that is on a win 2008 server system. Due to the criticity of the service, the client does not allow the execution of a non proven tool to do the task. I´m trying to do a simple SAM dump on ths system but I need to know for sure it´ll work and won´t cause a DOS. I looked for documentation on fgdump and pwdump7. But I find some contradicting info stating that the tools will only work as for extracting the local SAM and not the hole Active Directory. Does anyone have had a similar case? or a trully working experience in this? Will this tools affect the service since the Win2008 security responds differently to the tools dll or service? Tnx in advance. ------------------------------------------------------------------------ This list is sponsored by: Information Assurance Certification Review Board Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified. http://www.iacertification.org ------------------------------------------------------------------------
------------------------------------------------------------------------ This list is sponsored by: Information Assurance Certification Review Board Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified. http://www.iacertification.org ------------------------------------------------------------------------
Current thread:
- Password audit in 2008 DC Adrian Rodriguez (Apr 15)
- Re: Password audit in 2008 DC Nikhil Wagholikar (Apr 19)