Penetration Testing mailing list archives

Re: [PEN-TEST] Hard-coded passwords in WINNT directory?


From: "Erik \"the Style\" Pace" <erikb38 () PACBELL NET>
Date: Tue, 28 Nov 2000 17:22:09 -0800

Why not just upload pwdump.exe?

and run it

hacked up c:>\pwdump.exe > samdump.txt

then ftp it back to yourself.

E


----- Original Message -----
From: "Davidson,Sam" <SDAVIDSON () CERNER COM>
To: <PEN-TEST () SECURITYFOCUS COM>
Sent: Tuesday, November 28, 2000 10:33 AM
Subject: Re: Hard-coded passwords in WINNT directory?


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

With RDS, you can rdisk.exe /s the system, then issue a command to
copy the repaired sam to the www_root directory, then download it.

OR

Using RDS, enter echo commands to create an FTP script to upload the
SAM to an FTP host. That same FTP script can also be used to get
Netcat or any other just as suitable (I prefer the NT SSH server)
and configure your listening port, and execute commands as you
desire.

-----Original Message-----
From: Loschiavo, Dave [mailto:DLoschiavo () FRCC CC CA US]
Sent: Tuesday, November 28, 2000 09:27
To: PEN-TEST () SECURITYFOCUS COM
Subject: Re: [PEN-TEST] Hard-coded passwords in WINNT directory?


How about in cases where null session enumeration isn't possible
(firewall, RestrictAnonymous, etc) but where you can get to
c:\winnt\repair (via RDS, Unicode, etc) and the system is running a
FAT partition?

How would you go about sifting the registry for account names and
passwords where services are using impersonation?

-----Original Message-----
From: Tom Vandepoel
To: PEN-TEST () SECURITYFOCUS COM
Sent: 11/28/00 3:22 AM
Subject: Re: [PEN-TEST] Hard-coded passwords in WINNT directory?

[snip]

No doubt other interesting tidbits are stored in the registry. The
question is how much you can access with a null session of course...

Tom.


--
_________________________________________________

Tom Vandepoel
Sr. Network Security Engineer

www.ubizen.com
tel +32 (0)16 28 70 00 - fax +32 (0)16 28 71 00
Ubizen - Grensstraat 1b - B-3010 Leuven - Belgium
_________________________________________________

-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 6.5.8 for non-commercial use <http://www.pgp.com>

iQA/AwUBOiP6iSxWbJ8NNDpjEQKBYACgkUNF2UO8ykyHqoKhcvK32s8hWAsAniL3
qJaH8rVLsjfh7MW3PpukwB/k
=ao6w
-----END PGP SIGNATURE-----
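The thread turns on three host conditions: whether RestrictAnonymous blocks null-session enumeration, whether the system drive is FAT (so no file ACLs protect anything), and whether %SystemRoot%\repair is readable by non-administrators. The following PowerShell audit, added here as an example and not part of the original thread or any poster's tooling, checks those three conditions on the local machine from the defender's side. It assumes a modern Windows host with PowerShell 3 or later (Get-CimInstance, Get-Acl, Get-ItemProperty); the registry path and the ReadData right value are the documented ones.

```powershell
# Added audit example (not from the thread). Run in an elevated PowerShell
# session on the host being reviewed. Each check writes a warning when the
# condition the thread relies on is present.

# 1. RestrictAnonymous: 0 or unset means null sessions can enumerate.
$lsaKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
$restrict = (Get-ItemProperty -Path $lsaKey -Name RestrictAnonymous `
             -ErrorAction SilentlyContinue).RestrictAnonymous
if ($null -eq $restrict -or $restrict -eq 0) {
    Write-Warning "RestrictAnonymous is unset or 0: null-session enumeration is not restricted."
} else {
    Write-Output "RestrictAnonymous = $restrict"
}

# 2. Filesystem of the system drive: FAT has no ACLs at all, so the
#    repair directory and everything under it is readable by anyone
#    who can reach the filesystem.
$sysDrive = $env:SystemDrive   # e.g. 'C:'
$disk = Get-CimInstance -ClassName Win32_LogicalDisk -Filter "DeviceID='$sysDrive'"
if ($disk.FileSystem -ne 'NTFS') {
    Write-Warning "System drive $sysDrive is $($disk.FileSystem): file ACLs cannot protect $env:SystemRoot\repair."
} else {
    Write-Output "System drive $sysDrive is NTFS"
}

# 3. ACL on %SystemRoot%\repair: flag Allow ACEs that grant ReadData
#    to broad groups. FileSystemRights is an Int32 flags enum; ReadData = 1.
$readData  = [int][System.Security.AccessControl.FileSystemRights]::ReadData
$repairDir = Join-Path $env:SystemRoot 'repair'
if (Test-Path $repairDir) {
    $acl   = Get-Acl -Path $repairDir
    $broad = $acl.Access | Where-Object {
        $_.AccessControlType -eq 'Allow' -and
        $_.IdentityReference -match 'Everyone|^BUILTIN\\Users$|Authenticated Users' -and
        (([int]$_.FileSystemRights -band $readData) -ne 0)
    }
    if ($broad) {
        Write-Warning "$repairDir is readable by non-administrative groups:"
        $broad | ForEach-Object {
            Write-Output "  $($_.IdentityReference) : $($_.FileSystemRights)"
        }
    } else {
        Write-Output "$repairDir is not readable by broad groups"
    }
} else {
    Write-Output "$repairDir not present on this host"
}
```

A FAT system drive makes the third check moot, which is exactly the point Dave raises: on FAT there is no ACL to enforce, so the only defences left are keeping the repair copy of the SAM off the box (or encrypted) and closing the remote file-read paths (RDS, directory traversal) that expose it.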

