Home page logo
/

pen-test logo Penetration Testing mailing list archives

Re: [PEN-TEST] Cracking a Stolen SAM
From: "Gallicchio, Florindo (2007)" <florindo.gallicchio () ESAVIO COM>
Date: Tue, 7 Nov 2000 20:15:19 -0500

Thanks to all who responded via the list and personally.

I apologize for asking something that was covered previously.  I couldn't
find it in my rush to get an answer on my own.

Special thanks to Dave Taylor from infosecure.com, who gave me an idea to
try.  I'll post the results if I'm successful.

Florindo 

-----Original Message-----
From: Dunker, Noah
To: PEN-TEST () SECURITYFOCUS COM
Sent: 11/7/00 6:52 PM
Subject: Re: [PEN-TEST] Cracking a Stolen SAM

This was discussed here, or another securityfocus list
a while ago.  showcode.asp actually eliminates some non-
printable chars needed for it to have the correct
structure.  You'll (as far as I've seen) never be able
to crack it because it's a "damaged" sam file.  I don't
think anyone's been able to fix it, so I'd say the file
is pretty much trashed irreperably, unless you can find
a different way to access the same file.



-----Original Message-----
From: Gallicchio, Florindo (2007)
[mailto:florindo.gallicchio () ESAVIO COM]
Sent: Tuesday, November 07, 2000 1:26 PM
To: PEN-TEST () SECURITYFOCUS COM
Subject: Cracking a Stolen SAM


Friends:

I'm currently performing a penetration test, and I was able to access
the
SAM file located in the WINNT/repair directory.  Specifically, I
exploited
the showcode.asp vulnerability to "see" the sam._ file in the
\WINNT\repair
directory.  I screen-scraped the relevant contents to a Notepad file,
and
saved it.

Here's where I began to guess.  First, I ran the file (I named it sam._)
through l0phtcrack and through the cracker on CyberCop, but it didn't
take.
I then ran the file through the Windows "expand" command, and ran the
resulting file through the tools.  Still nothing.

Here's where I'm stuck.  I'm assuming that there are some funky control
characters in the screen-scrape file that I don't know about.  I tried
some
traffic analysis work on the file, but I quickly got a headache.

Can anyone please help?  Thanks.

Florindo

________________________________________________
Florindo Gallicchio * Director, Security Services *
esävio * 15 Corporate Place South * 3rd Fl. *
Piscataway, NJ 08854 * 732.981.1991 x2007 *
florindo.gallicchio () esavio com
 * Adding Our Strength To Yours *


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]