Security Basics mailing list archives
RE: How does the Cain and Abel SAM dump works?
From: "Rivest, Philippe" <PRivest () transforce ca>
Date: Wed, 16 Jul 2008 14:39:46 -0400
Quick reminder, you can lunch some of those tools remotely with no access to the system. I belive the pwdump6 or fgdump (something similar) would do this. Also, if you are local admin DOEST give you access to another's account. If you get his password you could basically do everything under his name & authority, make trouble and go free about it. Merci / Thanks Philippe Rivest, CEH Vérificateur interne en sécurité de l'information Courriel: Privest () transforce ca Téléphone: (514) 331-4417 www.transforce.ca Vous pourriez imprimer ce courriel, mais faire pousser un arbre c'est long. You could print this email, but it does takes a long time to grow trees. -----Message d'origine----- De : listbounce () securityfocus com [mailto:listbounce () securityfocus com] De la part de Ansgar -59cobalt- Wiechers Envoyé : 16 juillet 2008 11:26 À : security-basics () securityfocus com Objet : Re: How does the Cain and Abel SAM dump works? On 2008-07-16 Patrick Webster wrote:
On newer Windows boxes the SAM is protected... but not from LocalSystem :) PWDump3 is an example. It installs/dumps/uninstalls as a Windows service.
You need admin privileges to install system services, in which case you don't need to crack passwords anymore, because you can do anything anyway. Regards Ansgar Wiechers -- "All vulnerabilities deserve a public fear period prior to patches becoming available." --Jason Coombs on Bugtraq
Current thread:
- Passwords: length vs. complexity (was: How does the Cain and Abel SAM dump works?), (continued)
- Message not available
- Passwords: length vs. complexity (was: How does the Cain and Abel SAM dump works?) Ansgar -59cobalt- Wiechers (Jul 18)
- RE: Passwords: length vs. complexity (was: How does the Cain and Abel SAM dump works?) Rivest, Philippe (Jul 21)
- Re: Passwords: length vs. complexity Ansgar -59cobalt- Wiechers (Jul 21)
- RE: Passwords: length vs. complexity Rivest, Philippe (Jul 21)
- Re: Passwords: length vs. complexity Ansgar -59cobalt- Wiechers (Jul 21)
- Message not available
- Re: Passwords: length vs. complexity Ansgar -59cobalt- Wiechers (Jul 22)
- Re: How does the Cain and Abel SAM dump works? Rob Thompson (Jul 18)
- Re: How does the Cain and Abel SAM dump works? Ansgar -59cobalt- Wiechers (Jul 16)
- RE: How does the Cain and Abel SAM dump works? Rivest, Philippe (Jul 16)