Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

pen-test logo Penetration Testing mailing list archives

Encrypted SAM file
From: "Beauregard, Claude Q" <CQBeauregard () aaamichigan com>
Date: Fri, 29 Jun 2001 10:10:22 -0400
Interesting problem. 

I was trying to use pwdump3 to download the hashes from an NT server. The
problem is that this server will not allow access to the admin share.
However I was able to gain access to the C$ using Hyena and a admin
equivalent user account which also does not have access to the admin share.
I was able to access the repair directory and get the compressed sam and
expanded it. The file appears to be encrypted using the Syskey. Any ideas on
how to get pass the encryption. I thought that there was a way to use
pwdump3 to do this but its looking for a server name not a file name.

--------------------------------------------------------------------------------------

This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service
For more information on SecurityFocus' SIA service which automatically alerts you to 
the latest security vulnerabilities please see:

https://alerts.securityfocus.com/

  By Date           By Thread  

Current thread:
  • Encrypted SAM file Beauregard, Claude Q (Jun 29)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]