Re: Password audit in 2008 DC

---

• From: Nikhil Wagholikar <visitnikhil@xxxxxxxxx>
• Date: Fri, 16 Apr 2010 10:24:44 +0530

---

Hello Adrian,

Helix has utilities to dump SAM file. You can run it on the Microsoft
Windows 2008 DC and safely dump the local SAM file to a normal TXT
file.

---
Nikhil Wagholikar
Practice Lead | Security Assessments & Digital Forensics
Network Intelligence India Pvt. Ltd. [NII Consulting]
Web: http://www.niiconsulting.com/
Comprehensive Information Security Training
http://iisecurity.in/courses/Training Calendar.html

On 15 April 2010 06:42, Adrian Rodriguez <adrian.rodriguez@xxxxxxxxxxxx> wrote:

Hello,

I have a client that requires a password audit to it´s DC that is on a
win 2008 server system.
Due to the criticity of the service, the client does not allow the
execution of a non proven tool to do the task.

I´m trying to do a simple SAM dump on ths system but I need to know for
sure it´ll work and won´t cause a DOS.

I looked for documentation on fgdump and pwdump7. But I find some
contradicting info stating that the tools will only work as for
extracting the local SAM and not the hole Active Directory.

Does anyone have had a similar case? or a trully working experience in
this? Will this tools affect the service since the Win2008 security
responds differently to the tools dll or service?

Tnx in advance.


------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.
http://www.iacertification.org
------------------------------------------------------------------------

------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------

---

• References:
  • Password audit in 2008 DC
    • From: Adrian Rodriguez

• Prev by Date: Password audit in 2008 DC
• Next by Date: [Tool] ReFrameworker 1.1
• Previous by thread: Password audit in 2008 DC
• Next by thread: [Tool] ReFrameworker 1.1
• Index(es):
  • Date
  • Thread

---

Relevant Pages Re: Format of SAM File ... This is what is in the hash: ... Looking for a reference that describes the format of the windows SAM ... file", "understand windows SAM file", and other related searches have ... Information Assurance Certification Review Board ... (Pen-Test) RE: Format of SAM File ... decent explanation of the pwdump output. ... Subject: Format of SAM File ... Looking for a reference that describes the format of the windows SAM ... Information Assurance Certification Review Board ... (Pen-Test) Re: Password Decoding ... SYSTEM and SAM file off the disk, dump the SYSKEY and then use that to ... (alt.computer.security)

---

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint

www.derkeiler.com  > Mailing-Lists  > securityfocus  > pen-test  > 2010-04