On Thu, 23 Nov 2000, Quek, Wei (CA - Calgary) wrote:
> I remember seeing a demo at Blackhat where some guys were able to dump an NT
> password hash from memory and then reload it with a different one loaded
> from pwdump and use it to log in remotely to another server. Here's how
> it works:
>
> 1) Run pwdump on the victim machine to retrieve the password hashes for, say, User1.
> 2) Create an account on your local machine called User1 and log into it
> interactively.
> 3) Run this tool on your local machine to unload the password hash for User1
> and replace it with the password hash from pwdump.
> 4) net use to the remote victim machine as User1 with the victim's password
> hash.
>
> Does anyone have more information on this?
>
> Wei
>
The demo you saw was (I think) by Foundstone. The actual tool was
developed and written by CORE SDI. I heard talk at one point about them
planning to release the tool to the public.
Alfred Huger
VP of Engineering
SecurityFocus.com
Received on Nov 24 2000