Re: question regarding SAM file / l0phtcrack / pwdump2

From: Matt.Carpenter@alticor.com
Date: 12/17/01


To: mshaw@wwisp.com
Date: Mon, 17 Dec 2001 16:42:15 -0500


I ran pwdump (I believe it was version 3) on a Win2k server recently and as
long as I was connected with admin rights, it pulled the SAM immediately
and I was able to run l0phtcrack (which indeed took a while) and decrypt
most everything within a relatively short amount of time. I did NOT do the
NTFS-DOS route, so I am not certain about that issue.

                                                                                                                   
Mike Shaw <mshaw@wwisp.com>
12/17/2001 04:01 PM
To: focus-ms@securityfocus.com
cc:
Subject: question regarding SAM file / l0phtcrack / pwdump2

I'm currently in a quandary over a password audit.

The servers are all win2k.

I tried running pwdump2 and pwdump3. They both stop at the blinking cursor
and never report anything back (waited 1.5 hours). After that, the server
becomes unstable after a while and a reboot is required (which needless to
say made the admin very happy). This happens on workstations too. The
only common thread is Norton anti-virus. Anyone else observed this?

I can boot to DOS and snag the SAM file, but it seems very old. When I
actually extracted the info it was only the local account info--not domain.

I assume that Active Directory user information is stored differently even
on a PDC?

I've also sniffed the hashes, but this proves way too time consuming. The
double whammy here is when they ask why they have to have secure passwords
when the system seems impervious to the common pw dumping tools.

Has anyone else run into this issue? If so what did you do to get around
it?

-Mike


