Re: cracking Y2k DC Admin password

try

- rescue in windows folder and backup sam file from it, it has admin
credentials, johny the riper, LC, and ophcrack will do the job - with hash
tables....
- use cachedump to dump cached credentials on that server, maybe admin was
signed on (default is 5 accounts cached)
- use lsadump2 to dump passwords of running services, maybe some of them is
running with the local admin credentials

Ondrej Krehel, CISSP, CEH




juanbabi@xxxxxxxx
m
Sent by: To
listbounce@securi pen-test@xxxxxxxxxxxxxxxxx
tyfocus.com cc

Subject
09/22/2006 08:45 cracking Y2k DC Admin password
PM









Hi,


for a pen test in doing I got control on the server and logged as the local
admin. know I need to retrive the admin's password this is the goal of the
pen test from the client side. I know an easy way to crack the sam file
with a live linux cd but I cant boot the server it needs to be allways up.
I tried to use pwdump.exe but it tells me he cand find the local ADMIN$
shere. so it wont work.does someone knows a good way to retrive and crack
the admin's password.I an really stuck on this...


thanks very much !

Juan

------------------------------------------------------------------------
This List Sponsored by: Cenzic

Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.
http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW

------------------------------------------------------------------------




------------------------------------------------------------------------
This List Sponsored by: Cenzic

Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.
http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW
------------------------------------------------------------------------

Relevant Pages

  • Re: Cannot use "Run As"
    ... credentials, other wise, If you need to be asked for credentials even if you ... are logged on as an admin, you need to change a group policy stting, it ... 4- Double click this setting and configure it to "Prompt for credentials" ... Which settings I need to check? ...
    (microsoft.public.windows.vista.security)
  • Re: cracking Y2k DC Admin password
    ... IronGeek wrote a cool article about cracking local SAM with SYSKEY: ... >> - rescue in windows folder and backup sam file from it, it has admin ... Cenzic Hailstorm finds vulnerabilities fast. ...
    (Pen-Test)
  • Re: Navigating b/w public and secure pages.
    ... If "secure login" is clicked it prompts for credentials and once ... verified presents the admin pages. ... space) before a header() call. ...
    (comp.lang.php)
  • Re: Navigating b/w public and secure pages.
    ... If "secure login" is clicked it prompts for credentials and once ... verified presents the admin pages. ... space) before a header() call. ...
    (comp.lang.php)
  • Re: Domain admin cant add workstation to the domain ?!?!?!!!
    ... it said that the credentials supplied were not authorized ... to add the workstation to the domain. ... the original admin account. ... I had to supply the original domain admin ...
    (microsoft.public.win2000.security)