Re: windows 2003 server
- From: Nicolas RUFF <nicolas.ruff@xxxxxxxxx>
- Date: Fri, 13 Apr 2007 23:42:38 +0200
> Yea if you used pwdump you need admin privileges to dump the hashes. If
> you manage to get a reverse shell you can ftp the sam from the repair
> folder and the system part of the registry. Then import them into L0pht
> or LCP. If I am not mistaken, the sam file is sysked at level 1 by
> default for 2k3? Could someone verify that for me?
SYSKEY has been enabled by default since Windows 2000.
By the way, "SYSKEY" and "REPAIR" things are of no use on a Domain
Controller (since the original question was about domain password
policy). All user information (including password) is stored in Active
Directory - namely the "NTDS.DIT" file, which is of undocumented format.
By accessing the SAM file on a Domain Controller, you would gain access
to local accounts that existed on the server before DC promotion. If I
remember well, some emergency utilities (like Directory Restore Mode)
make use of this password, but that's all.
Regards,
- Nicolas RUFF