Penetration Testing mailing list archives
RE: Sam File via IIS flaw
From: "Prashant Meswani" <prashant.meswani () ukonline co uk>
Date: Thu, 30 Jun 2005 13:46:05 +0100
Try using pwdump2 (http://www.bindview.com/Services/RAZOR/Utilities/Windows/pwdump2_readme.cfm ). It's a useful tool that might help you. Regards, Prashant Meswani, CEH The opinions expressed in this email are those of my own and does not represent those of any organisation or associations to which I belong to unless stated otherwise. -----Original Message----- From: nordicsmak () yahoo com [mailto:nordicsmak () yahoo com] Sent: 28 June 2005 20:03 To: pen-test () securityfocus com Subject: Sam File via IIS flaw During a recent penetration test I've discovered a flaw in the IIS server that allows me to browse to and view any file on the system. I'm able to browse to the /winnt/repair/sam file, but it obviously is unusable in the format that's presented in the browser. Any way to get this file in a format that can be used in L0pht? Thanks, Chris
Current thread:
- Sam File via IIS flaw nordicsmak (Jun 30)
- Re: Sam File via IIS flaw Jerome Athias (Jun 30)
- RE: Sam File via IIS flaw Prashant Meswani (Jun 30)
- Re: Sam File via IIS flaw Peter Wood (Jun 30)
- Re: Sam File via IIS flaw Alex Gottschalk (Jun 30)
- Re: Sam File via IIS flaw David Cravshaw (Jun 30)
- Re: Sam File via IIS flaw chillman (Jun 30)
- <Possible follow-ups>
- Re: Sam File via IIS flaw skill2die4 (Jun 30)