Re: Fwd: How does the Cain and Abel SAM dump works?

["Jorge L. Vazquez" <jlvazquez825 () gmail com>]

Adriel Desautels wrote:
> Actually I might. I'll get back to you on that.
>
> Regards,
>     Adriel T. Desautels
>     Chief Technology Officer
>     Netragard, LLC.
>     Office : 617-934-0269
>     Mobile : 617-633-3821
>     http://www.linkedin.com/pub/1/118/a45
>
>     Join the Netragard, LLC. Linked In Group:
>     http://www.linkedin.com/e/gis/48683/0B98E1705142
>
> ---------------------------------------------------------------
> Netragard, LLC - http://www.netragard.com  -  "We make IT Safe"
> Penetration Testing, Vulnerability Assessments, Website Security
>
> Netragard Whitepaper Downloads:
> -------------------------------
> Choosing the right provider : http://tinyurl.com/2ahk3j
> Three Things you must know  : http://tinyurl.com/26pjsn
>
>
> Eric Snyder wrote:
> > Adriel ,
> >
> > How are you checking / cracking longer, 15 character plus, passwords?
> > The best table I have seen is 14 character.  Do you have a source for
> > 15+ character tables that use every possible printable characters;
> > commas, spaces, grave accents, etc.?
> >
> > Thank you.
> >
> > -Eric.
> >
> > -----Original Message-----
> > From: listbounce () securityfocus com [mailto:listbounce () securityfocus com]
> > On Behalf Of Adriel Desautels
> > Sent: Tuesday, July 15, 2008 2:05 PM
> > To: my.security.lists () gmail com
> > Cc: Vikas Singhal; security-basics () securityfocus com
> > Subject: Re: Fwd: How does the Cain and Abel SAM dump works?
> >
> > Yep, and rainbow tables are your friend.
> >
> > Regards,
> >     Adriel T. Desautels
> >     Chief Technology Officer
> >     Netragard, LLC.
> >     Office : 617-934-0269
> >     Mobile : 617-633-3821
> >     http://www.linkedin.com/pub/1/118/a45
> >
> >     Join the Netragard, LLC. Linked In Group:
> >     http://www.linkedin.com/e/gis/48683/0B98E1705142
> >
> > ---------------------------------------------------------------
> > Netragard, LLC - http://www.netragard.com  -  "We make IT Safe"
> > Penetration Testing, Vulnerability Assessments, Website Security
> >
> > Netragard Whitepaper Downloads:
> > -------------------------------
> > Choosing the right provider : http://tinyurl.com/2ahk3j
> > Three Things you must know  : http://tinyurl.com/26pjsn
> >
> >
> > Rob Thompson wrote:
> > > Vikas Singhal wrote:
> > > > Hi Friends,
> > > > Nowaday, I am studying on the Topic - Cracking Windows password.
> > > > There are lot of tools out there which can dump LM and NTLM hashes
> > for
> > > > you. But as far i know, you can't touch the SAM file when windows is
> > > > running, so, how does these tools work.
> > > > Is the sam dumped in-memory?
> > > > Regards
> > > > V
> > >
> > > Whenever I've had to do that, I have copied the SAM off the box, while
> > > the machine was running and then done the work offline.
> > >
> > > I haven't had to do it a lot, but a few times and it's worked each
> > time.
> > > Hope that this helps.
you're right the safest method would be to copy the SAM off the 
computer, but I think for that you should have adimin rights on that 
box...correct me if I'm wrong

another thing that has happened to me with Cain is that when pulling a 
MITM attack on a victim to sniff off password, I can get the password 
for pop3, telnet, ftp....with no problem; well those are sent in clear 
text over the network with no kind of encryption, but when I try to dump 
the hashes from a windows box login/authentication with a Domain 
Controller or when trying to access a share on the network....I get the 
hashes in the sniffer session in Cain, and then import them into crack 
to do a dictionary or  brute force attack, when when I actually launch 
the attack it doesn't load the hashes; I get the error no hashes 
imported, like if Cain is not recognizing the hashes or the hashes are 
in the wrong format.....do I have to modify this hashes for Cain to 
understand them....or am I missing something here


Thanks
Jorge L. Vazquez
www.pctechtips.org