Re: Unwanted programs on Win2K
From: Kamran Muzaffer (kmahmed@cyber.net.pk)
Date: 02/05/03
- Previous message: James Kelly: "RE: System information gathering"
- In reply to: Gedi: "RE: Unwanted programs on Win2K"
- Next in thread: Pez Mohr: "Re: Unwanted programs on Win2K"
- Reply: Pez Mohr: "Re: Unwanted programs on Win2K"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "Kamran Muzaffer" <kmahmed@cyber.net.pk> To: "Gedi" <gediintheuk@yahoo.co.uk>, <security-basics@securityfocus.com> Date: Wed, 5 Feb 2003 09:33:51 +0500
Hi Gedi,
I tried to _crack_ a .SAM file located in c:\WINNT\repair with LC4, but it
only shows Administrator and guest accounts and those are not the current
passwords either. I think windows saves the initial copy of the password
database there. That's the very reason why I think its not that dangerous to
leave that file there ( may be as a backup ) because if it is so simple to
recover all the Windows passwords, than curing it, would have been the first
step in all Win security manuals.
If am wrong then kindly let me know the work around to get my box secured
from this *hole* :)
-Regards,
-=Kamran
----- Original Message -----
From: "Gedi" <gediintheuk@yahoo.co.uk>
To: <security-basics@securityfocus.com>
Sent: Tuesday, February 04, 2003 10:42 PM
Subject: RE: Unwanted programs on Win2K
Hi Ahaly
There are many ways to do get the result you want.
However, the easiest is to crack the .SAM file.
The .SAM file is locked under operating running
conditions. If your admins are usless you may be lucky
and find a backup copy in the repair folder
(c:\WINNT\repair)
However, the .SAM file resides in
C:\WINNT\system32\config and you will need to grab a
copy of this to take home and crack. For this you will
need a copy of NTFSDOS (I'm assuming the file system
is NTFS) You can boot from this OS and navigate to
this folder take a copy and take it home to crack with
a program like l0phtcrack (LC4)
There are many programs that can extract hashes
however I could go on forever naming them all and
there different methods.
Privilidge escalation via progs like user2sid etc.....
The book Tim mentioned is a must read for any security
admin. I also have the hacking linux, 3rd edition and
web applications. Its good reading, and even great
hackers can pick up a few tips.
However, you can find yourself in deep trouble if you
are caught doing anything mentioned or similar. If you
want to be a hacker, its best to learn on your own
network (until you become proficient ;) )
Gedi
-----Original Message-----
From: Tim Donahue
[mailto:TDonahue@haynesconstruction.com]
Sent: 03 February 2003 19:09
To: 'ahaly@softhome.net'
Cc: security-basics@securityfocus.com
Subject: RE: Unwanted programs on Win2K
I recommend the book Hacking Windows 2000 Exposed
(ISBN 0072192623) it is an
book that covers many vunerabilites on a Windows 2000
based computer.
Tim Donahue
> -----Original Message-----
> From: ahaly@softhome.net [mailto:ahaly@softhome.net]
> Sent: Saturday, February 01, 2003 6:38 PM
> To: security-basics@securityfocus.com
> Subject: Unwanted programs on Win2K
>
>
>
>
> Hey,
>
>
>
> This question is not from an admin but a end-user. I
am doing
> my studies
>
> in a big university and we have many Win2K machines
in our labs and
>
> library.
>
>
>
> Sometimes I find applications like Yahoo and MSN
Messenger
> installed on
>
> these machines. I have also sometimes seen things
like Kazaa.
> Technically
>
> these are not supposed to be there. As in only the
apps that
> are installed
>
> by admins are supposed to be there and the above
mentioned
> apps are not
>
> part of the admin list of apps. When I try to
install an
> application, I
>
> get an error saying that I don't have privileges. I
know I don't have
>
> privileges but there is someone out there who has
found a way
> to bypass
>
> the restrictions.
>
>
>
> Question: How can someone bypass restrictions in
Win2k to
> install software
>
> when he doesn't have proper privileges?
>
> Reason for asking question: If someone can install
Kazaa,
> someone can also
>
> install a keyreader or something like that.
>
> Maybe I am paranoid, but everytime I login, maybe I
am
> telling someone -
>
> hey, this is my passwrd.
>
>
>
>
>
> Ahaly
__________________________________________________
Do You Yahoo!?
Everything you'll ever need on one web page
from News and Sport to Email and Music Charts
http://uk.my.yahoo.com
- Next message: MOHESOWA BYAS: "RE: System information gathering"
- Previous message: James Kelly: "RE: System information gathering"
- In reply to: Gedi: "RE: Unwanted programs on Win2K"
- Next in thread: Pez Mohr: "Re: Unwanted programs on Win2K"
- Reply: Pez Mohr: "Re: Unwanted programs on Win2K"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
