Security Basics mailing list archives

How to safely obtain windows hashes remotely

From: Jose Mendoza <tucupita007 () bluebottle com>
Date: Tue, 15 May 2007 13:39:23 -0700

I'm doing an PenTest/Proof of Concept in my LAN, but to date I'm quite sure everything is OK and Up-to-Date in terms of 
password hardening and security techniques in place.

I've tested CAIN, tried to exploit using Meterpreter, used EtterCap, PWDump and something else using an spoofed machine 
with no success at all! Hurray!

Nevertheless, my boss still doesn't believe our network is completely safe -from a technical point of view.

Does anybody knows how to perform a password dump from a WinXP and/or Win2003 box remotely without a trace?

All client boxes are running XPSP2 and all servers W2003.

Thanks,

Jose Mendoza
Caracas, Venezuela

----------------------------------------------------------------------
Finally - A spam blocker that actually works.
http://www.bluebottle.com

Current thread:

How to safely obtain windows hashes remotely Jose Mendoza (May 15)
- Re: How to safely obtain windows hashes remotely Pranay Kanwar (May 16)
- RE: How to safely obtain windows hashes remotely Scott Ramsdell (May 16)
- <Possible follow-ups>
- Re: RE: How to safely obtain windows hashes remotely chris (May 22)