Re: cracking Y2k DC Admin password
- From: Machiavel <pierreluc.giguere@xxxxxxxxx>
- Date: Wed, 27 Sep 2006 20:10:39 -0400
Hi!
IronGeek wrote a cool article about cracking local SAM with SYSKEY:
http://www.irongeek.com/i.php?page=security/vistasamcrack
The above article is about Windows Vista Beta 2 but it also links to
other articles he wrote about the same topic.
Cheers
Machiavel
On 9/27/06, Hari Sekhon <hpsekhon@xxxxxxxxxxxxxx> wrote:
Hi,
I've found cachedump to be reliable in the past, lsadump caused some
crashing problems for me at the time so I didn't use it.
Could somebody tell me how to go about retrieving the hashes from the
offline sam file. Is there a way? And if so what form do the hashes come
in, DES?
Thanks
-h
--
Hari Sekhon
On 9/25/06, s-williams@xxxxxxxxxx <s-williams@xxxxxxxxxx> wrote:
>> Or if you go to the %systemroot%repair in that folder you should see
>> a backup of the sam and the system file feed that to lcp, saminside,
>> lc5, anyone and you have your passwords.
>> Sent via BlackBerry from T-Mobile
>>
>> -----Original Message-----
>> From: okrehel@xxxxxxxxx
>> Date: Mon, 25 Sep 2006 11:20:46
>> To:juanbabi@xxxxxxxxx
>> Cc:listbounce@xxxxxxxxxxxxxxxxx, pen-test@xxxxxxxxxxxxxxxxx
>> Subject: Re: cracking Y2k DC Admin password
>>
>> try
>>
>> - rescue in windows folder and backup sam file from it, it has admin
>> credentials, johny the riper, LC, and ophcrack will do the job - with
>> hash
>> tables....
>> - use cachedump to dump cached credentials on that server, maybe
>> admin was
>> signed on (default is 5 accounts cached)
>> - use lsadump2 to dump passwords of running services, maybe some of
>> them is
>> running with the local admin credentials
>>
>> Ondrej Krehel, CISSP, CEH
>>
>>
>>
>>
>> juanbabi@xxxxxxxx
>> m
>> Sent
>> by: To
>> listbounce@securi pen-test@xxxxxxxxxxxxxxxxx
>>
>> tyfocus.com cc
>>
>>
>> Subject
>> 09/22/2006 08:45 cracking Y2k DC Admin password
>> PM
>>
>>
>>
>>
>> Hi,
>>
>>
>> for a pen test in doing I got control on the server and logged as the
>> local
>> admin. know I need to retrive the admin's password this is the goal
>> of the
>> pen test from the client side. I know an easy way to crack the sam file
>> with a live linux cd but I cant boot the server it needs to be
>> allways up.
>> I tried to use pwdump.exe but it tells me he cand find the local ADMIN$
>> shere. so it wont work.does someone knows a good way to retrive and
>> crack
>> the admin's password.I an really stuck on this...
>>
>>
>> thanks very much !
>>
>> Juan
------------------------------------------------------------------------
This List Sponsored by: Cenzic
Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.
http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW
------------------------------------------------------------------------
------------------------------------------------------------------------
This List Sponsored by: Cenzic
Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.
http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW
------------------------------------------------------------------------
- References:
- cracking Y2k DC Admin password
- From: juanbabi
- Re: cracking Y2k DC Admin password
- From: okrehel
- Re: cracking Y2k DC Admin password
- From: s-williams
- Re: cracking Y2k DC Admin password
- From: Devin Ertel
- Re: cracking Y2k DC Admin password
- From: Hari Sekhon
- cracking Y2k DC Admin password
- Prev by Date: Using public LDAP directories for attack preparation
- Next by Date: Re: cracking Y2k DC Admin password
- Previous by thread: Re: cracking Y2k DC Admin password
- Next by thread: Re: cracking Y2k DC Admin password
- Index(es):
Relevant Pages
|
|
