Re: cracking Y2k DC Admin password
- From: "Devin Ertel" <devin.ertel@xxxxxxxxx>
- Date: Tue, 26 Sep 2006 12:41:44 -0500
Another way would be to craft a payload for your exploit to use
Meterpreter DLL Inject from metasploit. Then just use gethashes. Dump
the hashes in your favorite cracker. I would suggest rainbow crack if
you got the tables. Saves some time.
On 9/25/06, s-williams@xxxxxxxxxx <s-williams@xxxxxxxxxx> wrote:
Or if you go to the %systemroot%repair in that folder you should see a backup of the sam and the system file feed that to lcp, saminside, lc5, anyone and you have your passwords.
Sent via BlackBerry from T-Mobile
-----Original Message-----
From: okrehel@xxxxxxxxx
Date: Mon, 25 Sep 2006 11:20:46
To:juanbabi@xxxxxxxxx
Cc:listbounce@xxxxxxxxxxxxxxxxx, pen-test@xxxxxxxxxxxxxxxxx
Subject: Re: cracking Y2k DC Admin password
try
- rescue in windows folder and backup sam file from it, it has admin
credentials, johny the riper, LC, and ophcrack will do the job - with hash
tables....
- use cachedump to dump cached credentials on that server, maybe admin was
signed on (default is 5 accounts cached)
- use lsadump2 to dump passwords of running services, maybe some of them is
running with the local admin credentials
Ondrej Krehel, CISSP, CEH
juanbabi@xxxxxxxx
m
Sent by: To
listbounce@securi pen-test@xxxxxxxxxxxxxxxxx
tyfocus.com cc
Subject
09/22/2006 08:45 cracking Y2k DC Admin password
PM
Hi,
for a pen test in doing I got control on the server and logged as the local
admin. know I need to retrive the admin's password this is the goal of the
pen test from the client side. I know an easy way to crack the sam file
with a live linux cd but I cant boot the server it needs to be allways up.
I tried to use pwdump.exe but it tells me he cand find the local ADMIN$
shere. so it wont work.does someone knows a good way to retrive and crack
the admin's password.I an really stuck on this...
thanks very much !
Juan
------------------------------------------------------------------------
This List Sponsored by: Cenzic
Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.
http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW
------------------------------------------------------------------------
------------------------------------------------------------------------
This List Sponsored by: Cenzic
Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.
http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW
------------------------------------------------------------------------
--
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)
iD8DBQFDRSbM89sZcveB9ZcRAqPtAJwNucIAppp55yzvmHAI+YAazttWmgCdHET7
vTWi5ssDn09YyXlhSeofJ3g=
=bf1/
-----END PGP SIGNATURE-----
------------------------------------------------------------------------
This List Sponsored by: Cenzic
Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.
http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW
------------------------------------------------------------------------
- Follow-Ups:
- Re: cracking Y2k DC Admin password
- From: Hari Sekhon
- Re: cracking Y2k DC Admin password
- References:
- cracking Y2k DC Admin password
- From: juanbabi
- Re: cracking Y2k DC Admin password
- From: okrehel
- Re: cracking Y2k DC Admin password
- From: s-williams
- cracking Y2k DC Admin password
- Prev by Date: Re: NULL session tools Linux
- Next by Date: Implication of forced http GET request (Web App PT)
- Previous by thread: Re: cracking Y2k DC Admin password
- Next by thread: Re: cracking Y2k DC Admin password
- Index(es):
Relevant Pages
|
