Home page logo

pen-test logo Penetration Testing mailing list archives

From: mount ararat blossom <mountararatblossom () USA NET>
Date: Tue, 14 Nov 2000 22:00:16 EET

Hi there,
as this paper was not detailing NT hacking methods, or WIN2SHIT hacking staff,
i did not mention pwdump2 or other tools which make it easy to
dump sam._ file from winnt/system32/repair/sam._ even if it was SYSKEY ed.
David LeBlanc <dleblanc () mindspring com> wrote:
At 02:40 AM 11/14/2000 EET, mount ararat blossom wrote:
Hi folks,
i have just released another paper about SQL hacking. 
have fun in your pen-tests.
any comments, suggestions or insults....?

Just a minor addition/correction - 

       Another good way of compromising NT account is, as every one of us
knows, reading the sam._ file under  winnt/repair/sam._ and cracking this
hashed password file with our favorite tool LophtCrack. 

       To do this, we will use the extended stored procedure, xp_regread
out of
registry. Below is the function do attain sam._ file
       Xp_regread ‘HKEY_LOCAL_MACHINE’,’SECURITY\SAM\Domains\Account ‘,’F’

If the system has applied syskey, which is default in Win2k, then this
approach will be useless. You'd have to be able to upload other tools,
which you may or may not be able to do.

David LeBlanc
dleblanc () mindspring com

Get free email and a permanent address at http://www.netaddress.com/?N=1

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]