Re: password security

From: Karl Levinson [x y] MVP (
Date: 10/19/02

From: "Karl Levinson [x y] MVP" <>
Date: Sat, 19 Oct 2002 10:49:15 -0400

Just purchase l0phtcrack or visit or search for documentation
on pwdump3 or search google. It's all described in great detail. [I think
it's hard to find the documentation on this at unless you own the
l0phtcrack program, I'm not sure there was a link to it on their web site,
only in the program itself.]

Getting the complete user database from a Windows 2000 domain controller is
more difficult than using pwdump to dump it from an NT domain controller.
pwdump3 documentation has more details. On the other hand, there are other
ways to get password hashes, such as by using the sniffer that is included
in l0phtcrack, by tricking the workstation or user into trying to connect to
your IP address, etc.

Windows 2000 domain controllers do not use a SAM for domain passwords, but I
understand there is a SAM for the local admin password for when booting into
Recovery Console mode, Directory Services Restore mode, or any mode where
Active Directory cannot be used to authenticate users because is not

I have full confidence that you will only be using this knowledge for good
and not for evil.

"Altan" <> wrote in message
> Is their any possible way a domain user from his
> workstation to crack the users passwords from the domain
> controller from his workstation. Without physical access
> to the servers?
> Windows 2k servers and Win 2k workstations

Relevant Pages

  • Re: Replication/Redundancy with Domain Controller
    ... is there any documentation on how that works and how to set it up? ... I am looking for some step-by-step instructions ... replicate Domain Controller to a seperate box. ...
  • Known Issues with installing MOSS on a domain controller
    ... We recommend that you read the Known Issues/Readme documentation before you install Office SharePoint Server 2007 on a domain controller. ... Installing Office SharePoint Server 2007 on a domain controller requires additional configuration steps that are not discussed in this article. ...
  • Password Filtering
    ... I am looking at documentation, etc. for this topic and all ... I see refers to Win NT. ... available on the domain controller? ... development environment is WIN 2000. ...
  • Re: Explanation of Anonymous Named Pipes Security Policy
    ... Stuff like this that has been around for ages it would be nice to have documentation for but seems to be very difficult for MSFT to document because I don't think they know for sure everywhere that it is being used. ... Joe Richards Microsoft MVP Windows Server Directory Services ... There is a separate security policy setting for Anonymous access to shares: ...