Penetration Testing mailing list archives

Re: [PEN-TEST] Hard-coded passwords in WINNT directory?
From: Andreas Junestam <andreas.junestam () DEFCOM-SEC COM>
Date: Wed, 29 Nov 2000 08:24:58 +0000

Sorry, I know this is somewhat off topic, but it just struck me that this
doesn't seem to be common knowledge. When you run rdisk /s you should add a
minus after the s, which will suppress the floppy disk question. So, try
rdisk /s- instead....

Regards
andreas

At 12:33 2000-11-28 -0600, you wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

With RDS, you can rdisk.exe /s the system, then issue a command to
copy the repaired sam to the www_root directory, then download it.

OR

Using RDS, enter echo commands to create an FTP script to upload the
SAM to an FTP host. That same FTP script can also be used to get
Netcat or any other just as suitable ( I prefer the NT SSH server )
and configure your listening port, and execute commands as you
desire.

- -----Original Message-----
From: Loschiavo, Dave [mailto:DLoschiavo () FRCC CC CA US]
Sent: Tuesday, November 28, 2000 09:27
To: PEN-TEST () SECURITYFOCUS COM
Subject: Re: [PEN-TEST] Hard-coded passwords in WINNT directory?


How about in cases where null session enumeration isn't possible
(firewall, RestrictAnonymous, etc) but where you can get to
c:\winnt\repair (via RDS, Unicode, etc) and the system is running a
FAT partition?

How would you go about sifting the registry for account names and
passwords where services are using impersonation?

- -----Original Message-----
From: Tom Vandepoel
To: PEN-TEST () SECURITYFOCUS COM
Sent: 11/28/00 3:22 AM
Subject: Re: [PEN-TEST] Hard-coded passwords in WINNT directory?

[snip]

No doubt other interesting tidbits are stored in the registry. The
question is how much you can access with a null session of course...

Tom.


- --
_________________________________________________

Tom Vandepoel
Sr. Network Security Engineer

www.ubizen.com
tel +32 (0)16 28 70 00 - fax +32 (0)16 28 71 00
Ubizen - Grensstraat 1b - B-3010 Leuven - Belgium
_________________________________________________

-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 6.5.8 for non-commercial use <http://www.pgp.com>

iQA/AwUBOiP6iSxWbJ8NNDpjEQKBYACgkUNF2UO8ykyHqoKhcvK32s8hWAsAniL3
qJaH8rVLsjfh7MW3PpukwB/k
=ao6w
-----END PGP SIGNATURE-----
