Penetration Testing mailing list archives

Re: SAM user dump


From: "J. Theriault" <administrator () maginetworks com>
Date: Sat, 17 Sep 2005 12:25:11 +0200

DokFLeed wrote:
Hey,
I am looking for a way to dump the SAM hashes by USER account. Assume the box doesn't have CD or Floppy to boot from. No repair files, or Registry SAM hashes available.

Any tools to dump the hashes for user from a cmd console,
or should we start coding one!

DokFLeed

As I don't know of any tools that would allow you to do this, why not just combine pwdump with an exploit into one package?


I've used the package method a few times, along the lines of:
BATCH file calls EXPLOIT;
EXPLOIT gives access as SYSTEM;
SYSTEM then executes PWDUMP;
PWDUMP dumps passwords to FILE;
FILE is immediately sent to a remote email server via BMAIL;
BATCH executes a second BATCH(2);
BATCH(2) fills all other files with garbage, deletes them(;), and
(optional)
calls AT;
AT deletes BATCH(2) and removes the directory.


If you put that package as a self-extracting silent zip package that auto-executes the first batch file silently and call it via a download-and-execute exploit just as with the JPEG GDI+ vuln, then it can be instigated automatically.

The compressed package is about ~90KB when self-extracting.



J. Theriault
administrator () maginetworks com
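
The chain described in the message above (PWDUMP run as SYSTEM, then BMAIL, then AT) leaves an ordered run of process creations on one host, which is what a defender can correlate. The following is an added example, not part of the original post: a detection sketch over constructed, simplified process-creation events. The event fields (`host`, `time`, `image`, `user`), the five-minute window and matching on executable name are assumptions of the example.

```python
from datetime import datetime, timedelta

# Stage each executable plays in the chain from the post. Matching on file
# name alone is an assumption of this sketch; renamed binaries would evade it.
STAGES = {"pwdump.exe": "dump", "bmail.exe": "send", "at.exe": "cleanup"}
ORDER = ["dump", "send", "cleanup"]

def find_chains(events, window=timedelta(minutes=5)):
    """Flag hosts where a hash dump is followed by a mail send (and optionally
    an AT cleanup job) inside `window`. Returns one alert per dump event."""
    by_host = {}
    for ev in sorted(events, key=lambda e: e["time"]):
        by_host.setdefault(ev["host"], []).append(ev)
    alerts = []
    for host, evs in by_host.items():
        for i, first in enumerate(evs):
            if STAGES.get(first["image"].lower()) != "dump":
                continue
            seen = ["dump"]
            for later in evs[i + 1:]:
                if later["time"] - first["time"] > window:
                    break
                stage = STAGES.get(later["image"].lower())
                # Accept only the next expected stage, so order matters.
                if len(seen) < len(ORDER) and stage == ORDER[len(seen)]:
                    seen.append(stage)
            if "send" in seen:
                alerts.append({"host": host, "start": first["time"], "stages": seen,
                               "as_system": first["user"].upper().endswith("SYSTEM")})
    return alerts

def _ev(host, hms, image, user):
    return {"host": host, "time": datetime.fromisoformat("2005-09-17T" + hms),
            "image": image, "user": user}

# Constructed sample events (simplified process-creation records, not real logs).
SAMPLE = [
    _ev("WS01", "12:00:01", "cmd.exe", "NT AUTHORITY\\SYSTEM"),
    _ev("WS01", "12:00:03", "pwdump.exe", "NT AUTHORITY\\SYSTEM"),
    _ev("WS01", "12:00:09", "bmail.exe", "NT AUTHORITY\\SYSTEM"),
    _ev("WS01", "12:00:15", "at.exe", "NT AUTHORITY\\SYSTEM"),
    _ev("WS02", "12:10:00", "bmail.exe", "CORP\\backupsvc"),   # mail only: no alert
    _ev("WS02", "12:30:00", "at.exe", "CORP\\admin"),          # scheduler only: no alert
    _ev("WS03", "09:00:00", "pwdump.exe", "CORP\\auditor"),
    _ev("WS03", "11:00:00", "bmail.exe", "CORP\\auditor"),     # outside window: no alert
]

if __name__ == "__main__":
    for alert in find_chains(SAMPLE):
        print(alert)
```

Requiring the stages in order and inside a short window keeps a lone mail client or scheduler job from alerting, while the `as_system` flag marks the case where the dump ran under the SYSTEM account.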
