Re: Problems with Pwdump3e

From: jklemenc@fnal.gov
Date: 01/29/03

  • Next message: Gabriel Aguilera: "RE: Win2k log management" 
    To: Davide Grangia <davidegrangia@email.it>
From: jklemenc@fnal.gov
Date: Wed, 29 Jan 2003 11:01:08 -0600

    Probably because Pwdemp3e uses the NetQueryDisplayInformation to enumerate
    the users (many others do as well - it is a fast enumerator). However, MS
    imposed a limit as to how many items can be returned with that call against
    an W2K/XP/Active Directory, and recommends other ADSI functions instead for
    performance reasons. Instead, I use the NetUserEnum function along with a
    LARGE premaxlen buffer (like 16777216) to be able to grab a very large
    list. This does have a drawback of taking a long time. Maybe the author of
    Pwdump3e can change the enumeration function to either usr ADSI functions
    or possibly use the NetUserEnum with a user-defined size?

    |---------+---------------------------->
    | | Davide Grangia |
    | | <davidegrangia@em|
    | | ail.it> |
    | | |
    | | 01/29/2003 03:42 |
    | | AM |
    | | |
    |---------+---------------------------->
    >------------------------------------------------------------------------------------------------------------------------------|
      | |
      | To: focus-ms@securityfocus.com |
      | cc: |
      | Subject: Problems with Pwdump3e |
    >------------------------------------------------------------------------------------------------------------------------------|

    Hi, I have some problems using Pwdump3e, a freeware tool of Polivec that

    works whit LC4. This simple tool extract password hashes from a remote

    NT/2000 system.

    My domain controller Windows 2000 has about 10,000 accounts, but Pwdump3e

    extracts only a few (about 200) and I don't know why.

    Once I have received the follow message "Service Failed: 1058".

    Can you help me? I need to extract ALL accounts from the domain

    controller.

    Thanks, Davide

    • Quantcast