Re: NT 4 / W2K Password Extraction
From: Asheesh Laroia (pan-news@asheeshenterprises.com) Date: 03/27/02
From: Asheesh Laroia <pan-news@asheeshenterprises.com> Date: Wed, 27 Mar 2002 20:20:52 GMT
And remember, anyone can get administrative rights by running DebPloit on
any WinNT4 or Win2K box (http://www.everything2.com/?node=debploit), a
local root exploit MS hasn't patched yet.
If you need help, email me or post a followup. A simple script can then:
1. Get admin privileges
2. Dump the SAM to a file (preferably a remote computer, like by an FTP)
3. Tell the remote computer to get cracking
-- Asheesh.
On Tue, 26 Mar 2002 06:54:26 -0500, Mike wrote:
> dave@fraleigh.net (Dave Fraleigh) wrote in
> <22f677f.0203251149.473e023b@posting.google.com>:
>
>>Hi All,
>>
>>I've read through most of this newsgroup and seen most of the responses
>>regarding password extraction by using the SAM.
>>
>>Here's my problem: I'm supposed to be learning how to harden systems to
>>a point where they're not vulnerable to cracker attacks. I need to know
>>how to grab a password list file from either an NT4sp5+ or W2Ksp1+
>>server and hit it with some sort of crack program that will tell me the
>>accounts which are using "weak" passwords.
>>
>>Anybody have any ideas? I've tried using l0phtcrack against a brand new
>>ERD backup of the SAM for both types of systems, and haven't had much
>>luck.
>>
>>Oh, and I'd like to do this without spending tons of money.
>>
>>Thanks in advance,
>>Dave
>>
>>
> If you've administrative rights, you can use pwdump2 (local) or pwdump3
> (remote) to extract the hashes from the SAM in RAM. Then you can use LC3
> (commercial) or John The Ripper for Windows/DOS (free), perhaps with
> NTLM support (you must know how to patch and compile C code using
> Cygwin, or use a Linux box), to test password strength. Cheers,
>
> Mike