Penetration Testing mailing list archives
Re: [PEN-TEST] [Re: MS SQL HACKING]
From: Fernando Cardoso <fernando () BN PT>
Date: Wed, 15 Nov 2000 10:56:03 -0000
The "new" version (April 2000) of pwdump2 will do it, although I haven't tested yet. Check http://www.razor.bindview.com/tools/desc/pwdump2_readme.html for details. Fernando _________________________________________________________ Fernando Cardoso Phone: +351 21 7982186 Network Administrator Fax: +351 21 7982185 National Library E-mail: fernando () bn pt Portugal PGP ID: 28551CB8
At 10:00 PM 11/14/2000 EET, mount ararat blossom wrote: Hi there, as this paper was not detailing NT hacking methods, orWIN2SHIT hacking staff,i did not mention pwdump2 or other tools which make it easy to dump sam._ file from winnt/system32/repair/sam._ even if itwas SYSKEY ed.cheersAnd this doesn't work with W2K and active directory in native mode, the only accounts contained in the sam file are the administrator and guest accounts. L0pht crack won't dump them with admin access either. Anybody run across a tool to dump the users and password hashes from Active Directory yet? I'm guessing this should be easily do-able with admin access since it has to be stored somewhere in AD, but haven't had the time to look into it further yet... Kris Kistler WAN Communications / Security Admin. St. Louis, MO
Current thread:
- Re: [PEN-TEST] [Re: MS SQL HACKING] mount ararat blossom (Nov 15)
- Re: [PEN-TEST] [Re: MS SQL HACKING] David LeBlanc (Nov 15)
- Re: [PEN-TEST] [Re: MS SQL HACKING] krisk (Nov 15)
- <Possible follow-ups>
- Re: [PEN-TEST] [Re: MS SQL HACKING] Fernando Cardoso (Nov 16)
- Re: [PEN-TEST] [Re: MS SQL HACKING] krisk (Nov 17)
- Re: [PEN-TEST] [Re: MS SQL HACKING] Beauregard, Claude Q (Nov 20)
- Re: [PEN-TEST] [Re: MS SQL HACKING] Michael Owen (Nov 20)
- Re: [PEN-TEST] [Re: MS SQL HACKING] David LeBlanc (Nov 15)