Penetration Testing: Re: [PEN-TEST] Hard-coded passwords in WINNT directory?

Re: [PEN-TEST] Hard-coded passwords in WINNT directory?

From: Andreas Junestam <andreas.junestam_at_DEFCOM-SEC.COM>
Date: Wed, 29 Nov 2000 08:24:58 +0000

Sorry, I know this is somewhat off topic, but it just struck me that this
doesn't seem to be common knowledge. When you run rdisk /s you should add a
minus after the s, which will suppress the floppy disk question. So, try
rdisk /s- instead....

Regards
andreas

At 12:33 2000-11-28 -0600, you wrote:
>-----BEGIN PGP SIGNED MESSAGE-----
>Hash: SHA1
>
>With RDS, you can rdisk.exe /s the system, then issue a command to
>copy the repaired sam to the www_root directory, then download it.
>
>OR
>
>Using RDS, enter echo commands to create an FTP script to upload the
>SAM to an FTP host. That same FTP script can also be used to get
>Netcat or any other just as suitable ( I prefer the NT SSH server )
>and configure your listening port, and execute commands as you
>desire.
>
>- -----Original Message-----
>From: Loschiavo, Dave [mailto:DLoschiavo_at_FRCC.CC.CA.US]
>Sent: Tuesday, November 28, 2000 09:27
>To: PEN-TEST_at_SECURITYFOCUS.COM
>Subject: Re: [PEN-TEST] Hard-coded passwords in WINNT directory?
>
>
>How about in cases where null session enumeration isn't possible
>(firewall, RestrictAnonymous, etc) but where you can get to
>c:\winnt\repair (via RDS, Unicode, etc) and the system is running a
>FAT partition?
>
>How would you go about sifting the registry for account names and
>passwords where services are using impersonation?
>
>- -----Original Message-----
>From: Tom Vandepoel
>To: PEN-TEST_at_SECURITYFOCUS.COM
>Sent: 11/28/00 3:22 AM
>Subject: Re: [PEN-TEST] Hard-coded passwords in WINNT directory?
>
>[snip]
>
>No doubt other interesting tidbits are stored in the registry. The
>question is how much you can access with a null session of course...
>
>Tom.
>
>
>- --
>_________________________________________________
>
>Tom Vandepoel
>Sr. Network Security Engineer
>
>www.ubizen.com
>tel +32 (0)16 28 70 00 - fax +32 (0)16 28 71 00
>Ubizen - Grensstraat 1b - B-3010 Leuven - Belgium
>_________________________________________________
>
>-----BEGIN PGP SIGNATURE-----
>Version: PGPfreeware 6.5.8 for non-commercial use <http://www.pgp.com>
>
>iQA/AwUBOiP6iSxWbJ8NNDpjEQKBYACgkUNF2UO8ykyHqoKhcvK32s8hWAsAniL3
>qJaH8rVLsjfh7MW3PpukwB/k
>=ao6w
>-----END PGP SIGNATURE-----
Received on Nov 30 2000
