Re: AD password Auditing

From: Joel Folkerts (jfolkert_at_hiwaay.net)
Date: 08/07/05

    Date: Sat, 06 Aug 2005 23:19:26 -0400
    To: Joe Traband <jtraband@truarx.com>
    
    

    A very handy tool that I've used with excellent results is a small
    program called SAMInside (http://www.insidepro.com/eng/saminside.shtml).
    Prior to XP SP2 (I also suspect 2003/SP1) you could import the SAM with
    SYSKEY on the fly. The FAQ provides some alternatives for obtaining the
    SAM file from a system
    (http://www.insidepro.com/eng/saminside.shtml#510). A few notes about
    the program -- worth every single penny. Allows you to run in a pseudo
    distributed mode allowing for a very powerful cracking solution (~46
    million passwords/sec on a small medium size blade server). Definitely a
    worthy tool to add to the arsenal.

    -Joel

    Joe Traband wrote:

    >You are looking for the SAM file, but I'm sure you've found out that you
    >can't just copy the SAM file off a running machine. There are two ways
    >to get the SAM file.
    >
    >1) Get the backed-up SAM file (can only be done if a boot disk was made
    >with the right options selected), or
    >2) Boot into some variant of Linux and get the SAM file
    >
    >A good tutorial, with step-by-step instructions can be found at
    >http://www.irongeek.com/i.php?page=security/localsamcrack2
    >
    >After you have the SAM file, you'll want to run John the Ripper or LC3
    >(LC5 if you have some money) against the file.
    >
    >I have yet to find a way to copy the SAM file off a running server. If
    >anyone can do that, please let me know!
    >
    >-Joe
    >
    >-----Original Message-----
    >From: Lohan Spies [mailto:lohan.spies@ifs-sa.co.za]
    >Sent: Friday, August 05, 2005 7:43 AM
    >To: 'pen-test@securityfocus.com'
    >Subject: AD password Auditing
    >
    >Hi there,
    >
    >I want to know how I can copy the AD (Active Directory) database so that
    >I can run a password cracking tool against the accounts.
    >
    >Could someone please point me in the right direction regarding the tools
    >to use and how to copy the db?
    >
    >Thanks
    >
    >------------------------------------------------------------------------
    >------
    >FREE WHITE PAPER - Wireless LAN Security: What Hackers Know That You
    >Don't
    >
    >Learn the hacker's secrets that compromise wireless LANs. Secure your
    >WLAN by understanding these threats, available hacking tools and proven
    >countermeasures. Defend your WLAN against man-in-the-Middle attacks and
    >session hijacking, denial-of-service, rogue access points, identity
    >thefts and MAC spoofing. Request your complimentary white paper at:
    >
    >http://www.securityfocus.com/sponsor/AirDefense_pen-test_050801
    >------------------------------------------------------------------------
    >-------
