Re: Active Directory Pentest



On 30/05/07, Ricardo Mourato <ricardomcm@xxxxxxxxx> wrote:
hi folks, in a costumer network where i'm doing a pentest, i found an
Active Directory Server, this one also runs SQL server 2000 SP1, i've
found that SQL server doenst have a password on the SA account, so it
was easy to get in with NT/SYSTEM, but my question is, where is the AD
users directory located?
tnks in advice

As mentioned, the AD database lives in NTDS.DIT. These files can grow
quite large. Check and see if there's a recovery mode password set to
null - which might get you what you want:

http://support.microsoft.com/kb/271641


--
AdamT
"Waiting for paint to dry or replication to complete is never any fun.
You should also move the mouse around repeatedly until it completes."
--- Al Mulnick

------------------------------------------------------------------------
This List Sponsored by: Cenzic

Are you using SPI, Watchfire or WhiteHat?
Consider getting clear vision with Cenzic
See HOW Now with our 20/20 program!

http://www.cenzic.com/c/2020
------------------------------------------------------------------------



Relevant Pages

  • Active Directory Pentest
    ... hi folks, in a costumer network where i'm doing a pentest, i found an ... Active Directory Server, this one also runs SQL server 2000 SP1, i've ...
    (Pen-Test)
  • RE: SSIS Transfer object failure
    ... The problem is the "CopySchema" option it has to be set to ... a SQL Server 2005 SP1 database table to another database; ... I would like to let you know that though SQL Server ... 2005 SP1 has fixed many known issues, there are still some new discovered ...
    (microsoft.public.sqlserver.dts)
  • Re: SQL Server 2005 faulure when updating to SP1
    ... i have installed Sql Server 2000 SP4 also, ... people to install SP1 on a SQL 2005 Server, ... If you were to look at the permissions on the $4IDR files only the Backup ...
    (microsoft.public.sqlserver.setup)
  • Re: How long does the typical DBA wait to apply a SQL Server Service P
    ... I forgot about lock pages in memory on Standard Edition which looks like SP1 ... service packs and CU's. ... that Microsoft fixes in one of their cumulative updates for SQL Server ... we realized there was a service pack after the cumulative update, ...
    (microsoft.public.sqlserver.setup)
  • Re: Access Denied etc. - appears to be Server 2003 SP1 problem
    ... Windows 2003 SP1 so that it has a different ACL. ... Service and Query Lock permissions on the SCM he gets a "Service Control: ... >>I have a two node SQL Server 2000 cluster which I have upgraded to SP4. ...
    (microsoft.public.sqlserver.clustering)