RE: Sam File via IIS flaw
From: Prashant Meswani (prashant.meswani_at_ukonline.co.uk)
Date: 06/30/05
- Previous message: Erin Carroll: "RE: CEH training"
- In reply to: nordicsmak_at_yahoo.com: "Sam File via IIS flaw"
- Next in thread: skill2die4_at_secguru.com: "Re: Sam File via IIS flaw"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: <nordicsmak@yahoo.com>, <pen-test@securityfocus.com> Date: Thu, 30 Jun 2005 13:46:05 +0100
Try using pwdump2
(http://www.bindview.com/Services/RAZOR/Utilities/Windows/pwdump2_readme.cfm
). It's a useful tool that might help you.
Regards,
Prashant Meswani, CEH
The opinions expressed in this email are those of my own and does not
represent those of any organisation or associations to which I belong to
unless stated otherwise.
-----Original Message-----
From: nordicsmak@yahoo.com [mailto:nordicsmak@yahoo.com]
Sent: 28 June 2005 20:03
To: pen-test@securityfocus.com
Subject: Sam File via IIS flaw
During a recent penetration test I've discovered a flaw in the IIS server
that allows me to browse to and view any file on the system.
I'm able to browse to the /winnt/repair/sam file, but it obviously is
unusable in the format that's presented in the browser.
Any way to get this file in a format that can be used in L0pht?
Thanks,
Chris
- Previous message: Erin Carroll: "RE: CEH training"
- In reply to: nordicsmak_at_yahoo.com: "Sam File via IIS flaw"
- Next in thread: skill2die4_at_secguru.com: "Re: Sam File via IIS flaw"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
