Penetration Testing mailing list archives

Re: Password audits
From: Nicolas RUFF <nicolas.ruff () gmail com>
Date: Sat, 11 Nov 2006 15:12:04 +0100

Indeed, most problems come from DEP being enabled, as pointed out
before on the list:
http://seclists.org/pen-test/2005/Sep/0229.html

To fix this, just replace:
alloc(..., PAGE_READWRITE);
with:
alloc(..., PAGE_EXECUTE_READWRITE);
in the source.

In my experience, you can also run into trouble when starting PWDUMP
from inside a "SYSTEM" shell, or from a Terminal Server (or Citrix) session.

If "samdump.dll" is blocked at load time by some antivirus, you will
also experience PWDUMP becoming a "dead process" (infinite blocking on
ReadPipe()).

In the end, I would recommend using Cain (with the remote Abel server on the
target). It is more stable, DEP-compatible, and not always detected by
antivirus.
http://www.oxid.it/

Regards,
- Nicolas RUFF
