WHERE ARE NT4 OLD PASSWORDS STORED

From: Steve Armstrong (steve.the.armstrongs_at_NTLWORLD.COM)
Date: 07/08/03

    Date:         Tue, 8 Jul 2003 21:33:18 +0100
    To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM
    
    

    Sorry if this bores many of you (being an NT4 question), but I have
    seemingly tried everywhere to get an answer to this question, including MS
    tech support etc:
     

    Where does NT4 keep the users' old passwords when the password history option
    is enabled? They must be stored somewhere, as how else does the system know
    you are using an old password? I have dumped the SAM (to run L0phtCrack
    etc), and have yet to find any indication of the old passwords.

     
    I want them, or their hashes, so I can crack them before guessing the
    current password.
     
    Also, as I do not believe they are in the SAM, I would also want to closely
    audit the location where they are kept. For example, if a hacker gets my
    users' last 10 passwords and finds them using: Friday1!, Saturday"2,
    Sunday£3 etc they could probably guess the current password.
     
    Any help or avenues of investigation would be gratefully received. Else I
    will have to image the whole drive and start checking all files for changes.
     
    Cheers
     
    Steve Armstrong
     
    Steve Armstrong MSc MCSE
     
     


