Penetration Testing mailing list archives
Re: [PEN-TEST] IIS HACKING
From: Tim Hirst <thirst () HIVERWORLD COM>
Date: Wed, 18 Oct 2000 15:56:29 -0700
L0phtcrack will die when trying to open a non-expanded SAM file. Expand will not work on a damaged file, and I can confirm that showcode.asp seems to mangle the sam._ beyond repair. I suspect that it is stripping some characters somewhere, but I haven't done any testing to get the specifics.

However, showcode.asp can still be useful in grabbing other files from the system. I primarily use it to view the source of various .asp files that might be on the web server. You can often find DSNs, usernames, and passwords to their back-end database by sifting through the code. For many companies, having access to a database can oftentimes be more damaging than having access to the SAM.

"Costa, Andrew" wrote:
http://www.victim.com/msadc/samples/selector/showcode.asp?source=/msadc/../../../../../winnt/repair/sam._

There you go, you get the infamous sam._ file, copy it, expand it and crack it using Lophtcrack, my personal choice, and you will get all user passwords even the administrator one.

I tried this on one of my boxes, and yes I got the SAM on the View Source ASP page, but it appears to have gotten mangled by the ASP formatting. What I tried next was use netcat to do a GET to the appropriate URL, strip out the HTML tags leaving the SAM db, and then expand it using expand.exe. It wouldn't expand, and when L0pht tried to open it, the program would just disappear. The editors I tried using included wordpad/2K, console editor/2K, and notepad/2K.

I would really like to see this one work in action, I think it would send a strong wake-up call to my ppl within my organization about lax intranet/internet security.

Andrew

PS: I know that the SAM._ is not syskey encrypted either, so that is not the issue w/expansion or opening in l0pht
--
| Tim Hirst <thirst () hiverworld com>
| Professional Services http://www.hiverworld.com
| 510.848.0740 [Office] 510.612.4384 [Mobile]
| Hiverworld -=- Adaptive, Distributed Security Technology
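For the defender's side of this thread, an added example that is not part of any post: a Python scanner that reads IIS W3C extended logs and reports showcode.asp requests whose `source` parameter climbs out of the samples directory. The log lines, client addresses and the `login.asp` path are constructed, and the field layout is an assumption to match against your own `#Fields` header.

```python
from urllib.parse import parse_qs, unquote

# Constructed sample in W3C extended format; addresses are documentation IPs.
SAMPLE_LOG = """\
#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
2000-10-18 22:01:10 192.0.2.10 GET /default.asp - 200
2000-10-18 22:01:14 192.0.2.44 GET /msadc/samples/selector/showcode.asp source=/msadc/../../../../../winnt/repair/sam._ 200
2000-10-18 22:02:03 192.0.2.44 GET /msadc/Samples/SELECTOR/showcode.asp source=/msadc/%2e%2e/%2e%2e/inetpub/wwwroot/login.asp 200
2000-10-18 22:03:30 192.0.2.12 GET /msadc/samples/selector/showcode.asp source=/msadc/samples/selector/selector.asp 200
"""

def parse_w3c(log_text):
    """Yield one dict per request, keyed by the names in the #Fields header."""
    fields = []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            yield dict(zip(fields, line.split()))

def normalize(value, max_rounds=3):
    """Undo repeated percent-encoding and unify slashes before matching."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value.replace("\\", "/")

def find_traversal_reads(log_text, script="showcode.asp", param="source"):
    """Return (client_ip, requested_path, status) for traversal via `param`."""
    hits = []
    for rec in parse_w3c(log_text):
        if not rec.get("cs-uri-stem", "").lower().endswith("/" + script):
            continue
        query = parse_qs(rec.get("cs-uri-query", ""), keep_blank_values=True)
        for key, values in query.items():
            for raw in values:
                path = normalize(raw)
                if key.lower() == param and ".." in path.split("/"):
                    hits.append((rec["c-ip"], path, rec.get("sc-status")))
    return hits

if __name__ == "__main__":
    for ip, path, status in find_traversal_reads(SAMPLE_LOG):
        print(f"{ip} read {path} via showcode.asp (status {status})")
```

A hit with status 200 on an `.asp` path means the script source was served, so any DSN or database password in that file should be treated as exposed and rotated.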