Penetration Testing mailing list archives
Re: [PEN-TEST] [Re: MS SQL HACKING]
From: krisk <krisk () MEDSHOPPEINTL COM>
Date: Tue, 14 Nov 2000 16:41:31 -0600
At 10:00 PM 11/14/2000 EET, mount ararat blossom wrote: Hi there, as this paper was not detailing NT hacking methods, or WIN2SHIT hacking
staff,
i did not mention pwdump2 or other tools which make it easy to dump sam._ file from winnt/system32/repair/sam._ even if it was SYSKEY ed. cheers
And this doesn't work with W2K and active directory in native mode, the only accounts contained in the sam file are the administrator and guest accounts. L0pht crack won't dump them with admin access either. Anybody run across a tool to dump the users and password hashes from Active Directory yet? I'm guessing this should be easily do-able with admin access since it has to be stored somewhere in AD, but haven't had the time to look into it further yet... Kris Kistler WAN Communications / Security Admin. St. Louis, MO
Current thread:
- Re: [PEN-TEST] [Re: MS SQL HACKING] mount ararat blossom (Nov 15)
- Re: [PEN-TEST] [Re: MS SQL HACKING] David LeBlanc (Nov 15)
- Re: [PEN-TEST] [Re: MS SQL HACKING] krisk (Nov 15)
- <Possible follow-ups>
- Re: [PEN-TEST] [Re: MS SQL HACKING] Fernando Cardoso (Nov 16)
- Re: [PEN-TEST] [Re: MS SQL HACKING] krisk (Nov 17)
- Re: [PEN-TEST] [Re: MS SQL HACKING] Beauregard, Claude Q (Nov 20)
- Re: [PEN-TEST] [Re: MS SQL HACKING] Michael Owen (Nov 20)
- Re: [PEN-TEST] [Re: MS SQL HACKING] David LeBlanc (Nov 15)