RE: question regarding SAM file / l0phtcrack / pwdump2

From: Beauregard, Claude Q (CQBeauregard@aaamichigan.com)
Date: 12/18/01 

From: "Beauregard, Claude Q" <CQBeauregard@aaamichigan.com>
To: Mike Shaw <mshaw@wwisp.com>, focus-ms@securityfocus.com
Date: Tue, 18 Dec 2001 09:45:08 -0500

Are you sure you attached to the servers as a user with admin rights.
-----Original Message-----
From: Mike Shaw [mailto:mshaw@wwisp.com]
Sent: Monday, December 17, 2001 4:02 PM
To: focus-ms@securityfocus.com
Subject: question regarding SAM file / l0phtcrack / pwdump2

I'm currently in a quandry over a password audit.

The servers are all win2k.

I tried running pwdump2 and pwdump3. They both stop at the blinking cursor
and never report anything back (waited 1.5 hours). After that, the server
becomes unstable after awhile and a reboot is required (which needless to
say made the admin very happy). This happens on workstations too. The
only common thread is norton anti-virus. Anyone else observed this?

I can boot to dos and snag the SAM file, but it seems very old. When I
actually extracted the info it was only the local account info--not domain.
I assume that Active Directory user information is stored differently even
on a PDC?

I've also sniffed the hashes, but this proves way to time consuming. The
double whammy here is when they ask why they have to have secure passwords
when the system seems impervious to the common pw dumping tools.

Has anyone else run into this issue? If so what did you do to get around
it?

-Mike

Relevant Pages

  • RE: question regarding SAM file / l0phtcrack / pwdump2
    ... Pwdump2 does seem to automatically determine where to pull the ... password hashes from, regardless of whether it should be the SAM or NTDS.dit. ... grab NTDS.dit rather than the SAM file. ...
    (Focus-Microsoft)
  • Re: Visual Studio 2005 Web Site <-> Visual Source Safe Problems...
    ... you log on locally with Admin rights because their browser is part of the o/s and has an ActiveX instantiation layer. ... Browsing to ANY internet site while logged in with local Admin rights puts you machine at HIGH RISK of being infected by trojans and SpyWare. ... Still, when switching between websites, it gets to be a bit of a pain to have to create a new website and then add from source safe every time we switch. ... I can't test this fully, because I only have one client machine left with IIS on it, we changed our main .NET 2.0 dev team over to using Cassini which has solved the complications of trying to manage local IIS servers and their security across multiple machines, but the built-in server does have some limitations - if you want to use ISAPI etc. ...
    (microsoft.public.vsnet.general)
  • Re: question regarding SAM file / l0phtcrack / pwdump2
    ... long as I was connected with admin rights, ... The servers are all win2k. ... I tried running pwdump2 and pwdump3. ... only common thread is norton anti-virus. ...
    (Focus-Microsoft)
  • RE: question regarding SAM file / l0phtcrack / pwdump2
    ... Do I run any risk of corrupting my SAM by using PWDUMP3/3e? ... question regarding SAM file / l0phtcrack / pwdump2 ...
    (Focus-Microsoft)
  • Re: Help installing PHP5
    ... I'm new in PHP. ... ApacheThe servers starts wihtout errors. ... the part about adding LoadModule all together. ... Or, since he doesn't have admin rights, he may not be able to set the required permissions. ...
    (comp.lang.php)