Penetration Testing mailing list archives

Re: SAM user dump
From: "J. Theriault" <administrator () maginetworks com>
Date: Sat, 17 Sep 2005 12:25:11 +0200

DokFLeed wrote:
I am looking for a way to dump the SAM hashes by USER account. Assume the box doesn't have a CD or floppy to boot from. No repair files or Registry SAM hashes available.

Any tools to dump the hashes for a user from a cmd console,
or should we start coding one!


As I don't know of any tools that would allow you to do this, why not just combine pwdump with an exploit into one package?

I've used the package method a few times, along the lines of:
BATCH file calls EXPLOIT;
EXPLOIT gives access as SYSTEM;
SYSTEM then executes PWDUMP;
PWDUMP dumps passwords to FILE;
FILE is immediately sent to a remote email server via BMAIL;
BATCH executes a second BATCH(2);
BATCH(2) fills all other files with garbage, deletes them(;), and calls AT;
AT deletes BATCH(2) and removes the directory.

If you put that package as a self-extracting silent zip package that auto-executes the first batch file silently and call it via a download-and-execute exploit just as with the JPEG GDI+ vuln, then it can be instigated automatically.

The compressed package is about 90KB when self-extracting.

J. Theriault
administrator () maginetworks com
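
For defenders, the chain described in the message above leaves an ordered sequence of process starts on a single host. The following is an added example, not part of the original post or its author's tooling, that correlates those starts over constructed process-creation events; the event fields, host names, paths and the five-minute window are assumptions.

```python
from datetime import datetime, timedelta
from ntpath import basename  # splits Windows paths on any OS

def _img(e):
    return basename(e["image"]).lower()

# Ordered stages of the chain described in the post. The image-name matches are
# assumptions taken from the tool names it mentions; renamed binaries evade them.
STAGES = [
    ("hash_dump", lambda e: _img(e).startswith("pwdump")),
    ("mail_exfil", lambda e: _img(e) == "bmail.exe"),
    ("at_cleanup", lambda e: _img(e) == "at.exe" and " del " in e["cmd"].lower()),
]

def find_dump_chains(events, window=timedelta(minutes=5)):
    """One alert per host where every stage occurs, in order, within `window`."""
    by_host = {}
    for e in sorted(events, key=lambda e: e["time"]):
        by_host.setdefault(e["host"], []).append(e)
    alerts = []
    for host, evs in by_host.items():
        for i, first in enumerate(evs):
            if not STAGES[0][1](first):
                continue
            matched = [first]
            for e in evs[i + 1:]:
                if e["time"] - first["time"] > window:
                    break
                if len(matched) < len(STAGES) and STAGES[len(matched)][1](e):
                    matched.append(e)
            if len(matched) == len(STAGES):
                alerts.append({"host": host, "start": first["time"],
                               "stages": [(s[0], _img(m)) for s, m in zip(STAGES, matched)]})
                break  # one alert per host is enough to open a case
    return alerts

def _ev(t, host, user, image, cmd):
    return dict(time=datetime.fromisoformat(t), host=host, user=user, image=image, cmd=cmd)

# Constructed process-creation events (hypothetical hosts, paths and fields).
SAMPLE = [
    _ev("2005-09-17T10:00:00", "WS01", "SYSTEM", r"C:\tmp\pkg\pwdump.exe", "pwdump.exe"),
    _ev("2005-09-17T10:00:04", "WS01", "SYSTEM", r"C:\tmp\pkg\bmail.exe", "bmail.exe [args elided]"),
    _ev("2005-09-17T10:00:09", "WS01", "SYSTEM", r"C:\WINDOWS\system32\at.exe",
        r"at.exe 10:02 cmd /c del C:\tmp\pkg\b2.bat"),
    _ev("2005-09-17T11:00:00", "WS02", "admin", r"C:\tools\bmail.exe", "bmail.exe [args elided]"),
    _ev("2005-09-17T11:30:00", "WS02", "admin", r"C:\WINDOWS\system32\at.exe",
        r"at.exe 23:00 C:\scripts\backup.bat"),
]
```

Calling `find_dump_chains(SAMPLE)` flags WS01 only; WS02 runs a mailer and a scheduled job but never a hash dumper, so it produces no alert.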
