Home page logo

pen-test logo Penetration Testing mailing list archives

Re: [PEN-TEST] Hard-coded passwords in WINNT directory?
From: Times Enemy <te () RIGHTARM ORG>
Date: Mon, 27 Nov 2000 17:12:08 -0700

On Mon, 27 Nov 2000, Jonathan Wrathall wrote:

During a test of a client's IIS web server, I've encountered the following

1.  I am able to view files in the WINNT directory using the "MS Index
Server '%20' ASP Source Disclosure Vulnerability" vulnerability.

2. I am able to connect to IPC$, and I've used dumpsec to get the userlist

3. The winnt/system32/repair/sam._ file does not appear to be present.

Can anyone suggest other files that might reveal hard-coded passwords, or
other valuable information?

"Hard-coded," um, *.pwl , and perhaps evel *.ini files, depending....


I would imagine one could view the various suite(s), applications
installed [/program files/, etc.], and determine if the installed
applications, assuming they are actively being used (not nec. real-time),
offer password caches of any form.  MS-WORD, WP, et cetera, files can
offer paswords.

Jonathan Wrathall, BCom
Security Consultant

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]