Re: Re: Copying secret windows file
- From: cwright@xxxxxxxxxxxxx
- Date: 27 Dec 2007 19:06:01 -0000
Hi,
Sorry to destroy your sense of insecurity, but this is not the case.
There are a number of methods that may be used to dump SAM in memory. Any user with Debug privilages has effectively full access to memory and many system are set this way). On top of this, there are means to obtain access without authorisation.
Take Meterpreter for instance. This toolset comes with "Sam Juicer". Sam Juicer "slides" over a memory channel as a direct memory injection that leaves no disk or registry evidence (hence my push on memory forensics).
Any memory/LSASS, services channel, direct disk or registry hole can be used to get the SAM. The SAM Juicer uses the first. There are other tools for all the other levels.
Regards,
Dr Craig Wright (GSE-Compliance)
------------------------------------------------------------------------
This list is sponsored by: Cenzic
Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!
http://www.cenzic.com/downloads
------------------------------------------------------------------------
- Prev by Date: RE: Skype
- Next by Date: Re: RFID cloning and overall security
- Previous by thread: Re: Copying secret windows file
- Next by thread: Rép : VOIP Pen TEST
- Index(es):
Relevant Pages
|
|
