Re: Syskey prevents dumping of SAM or Active Directory

From: karl [x y] (jamescagney90210@excite.com)
Date: 08/14/02

• Next message: Ritchie: "Re: Syskey prevents dumping of SAM or Active Directory"
• Previous message: Tom Rodman: "ACL/ACE ? about Container Inherit / Inherit Only"
• In reply to: Christoph Kaminski: "Re: Syskey prevents dumping of SAM or Active Directory"
• Next in thread: Ritchie: "Re: Syskey prevents dumping of SAM or Active Directory"
• Reply: Ritchie: "Re: Syskey prevents dumping of SAM or Active Directory"
• Reply: Christoph Kaminski: "Re: Syskey prevents dumping of SAM or Active Directory"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

From: "karl [x y]" <jamescagney90210@excite.com>
Date: Wed, 14 Aug 2002 11:51:51 -0400

... plus I believe if the system is compromised, pwdump3 /l0phtcrack and
other methods can still be installed and run locally to obtain the SAM. I
believe this works no matter which syskey method is selected.

"Christoph Kaminski" <chriz@gmx.net> wrote in message
news:#VonsE6QCHA.1644@tkmsftngp13...
> Syskey is still no perfect protection, since by default the syskey is
stored
> on disk and can be recovered. Only syskeys stored on floppy disk or
entered
> on system boot provide reasonable secure protection.
>
> "Ritchie" <fqplkweyugujqwf456@hotmail.com> schrieb im Newsbeitrag
> news:ajdoje$1b3ebk$1@ID-156657.news.dfncis.de...
> > Hi All,
> > Would I be correct in saying the following? :-
> >
> > If you don't have administrative access to a W2K machine, you could
still
> dump the
> > SAM or AD database, but it wouldn't be much use to an attacker because
the
> data has
> > been encrypted by Syskey and therefore running it through a PW cracker
> would be a
> > waste of time. Unlike NT4 (pre-syskey) where it was possible to boot
from
> a floppy,
> > copy the SAM and then crack the passwords.
> >
> > --
> > Ritchie
> > Undo address for mail
> >
> >
>
>

• Next message: Ritchie: "Re: Syskey prevents dumping of SAM or Active Directory"
• Previous message: Tom Rodman: "ACL/ACE ? about Container Inherit / Inherit Only"
• In reply to: Christoph Kaminski: "Re: Syskey prevents dumping of SAM or Active Directory"
• Next in thread: Ritchie: "Re: Syskey prevents dumping of SAM or Active Directory"
• Reply: Ritchie: "Re: Syskey prevents dumping of SAM or Active Directory"
• Reply: Christoph Kaminski: "Re: Syskey prevents dumping of SAM or Active Directory"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages Re: Syskey ... > I have a question about the syskey utility..does it encrypt the SAM ... SAM database but if you move it off the system, ... Here's more info on the syskey and what it does. ... (microsoft.public.win2000.active_directory) RE: two questions that need answering ... that you can't just yank the SAM and start cracking when SYSKEY is installed ... The password portion of the SAM is now encrypted by a "stronger" ... If you want to get the real password hashes, then you need to use a tool ... Windows 2000 systems, as Windows 2000 uses ... (Focus-Microsoft) RE: Syskey on Win2k ... into a txt file and then just import the dumped sam into LC4 ... Subject: Syskey on Win2k ... > since I know Syskey is supposed to be 128 encryption. ... 'Syskey thwarts this attack by encrypting the SAM database using strong ... (Security-Basics) Re: SysKey ... pass the decrypted hashes back to the online SAM or DC ... Also there is some Microsoft webcast about this passwords ... >protected with syskey other than default level, ... >ten minutes by first resetting the administrator password ... (microsoft.public.win2000.security) Re: Do I need to use the SysKey utility to enhance the security? ... Syskey is used to protect the local sam on a computer. ... password at boot up or floppy disk to access the operating system at start ... (microsoft.public.security)

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint