From: Matt Gardenghi <mtgarden () gmail com>
Date: Fri, 16 Apr 2010 08:57:08 -0400

I've been fighting with a problem and was hoping that someone would be
able to assist me. I've successfully compromised an administrative
account on a 2003 SP2 box (Domain Admin account). Using those
credentials, I executed a meterpreter payload. I then used 'getsystem'
to up the privs further before running hashdump. Hashdump failed. I
reran the payload ensuring that the "limited privs" checkbox was
disabled. Same failure.

I tried the latest fgdump from a remote location, no luck though. I
packed the fgdump and uploaded it to the box and executed it locally.
That time it got the cache, but not the password list.

Why would this be failing? It seems as if MS has changed something to
fight back. Also, I've been unable to open a shell on the box, once
I've elevated my privs to system: execute -f cmd.exe -c -t .

Any pointers would be helpful. Thanks.