Penetration Testing mailing list archives
RE: Password audits
From: "Scott Ramsdell" <Scott.Ramsdell () cellnet com>
Date: Wed, 25 Oct 2006 09:44:54 -0400
A safe way would be to grab the SAM from a backup. -Scott Ramsdell -----Original Message----- From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of xelerated Sent: Monday, October 23, 2006 7:01 AM To: pen-test () securityfocus com Subject: Password audits I have been given the task of doing a password audit. No problem, except I can use pwdump for the slight risk of having to reboot a DC. I know there are many ways to get a pw dump from a DC but my question is this. What is the safest way to get that, so that you dont risk having a DC need to reboot or have to install software on the DC? In the past I have used pwdump, different versions, and usually i didnt have to reboot the box, but there was that rare occasion that that it made lsass puke and had to be rebooted. Thanks in advance for your input. Chris ------------------------------------------------------------------------ This List Sponsored by: Cenzic Need to secure your web apps? Cenzic Hailstorm finds vulnerabilities fast. Click the link to buy it, try it or download Hailstorm for FREE. http://www.cenzic.com/products_services/download_hailstorm.php?camp=7016 00000008bOW ------------------------------------------------------------------------ ------------------------------------------------------------------------ This List Sponsored by: Cenzic Need to secure your web apps? Cenzic Hailstorm finds vulnerabilities fast. Click the link to buy it, try it or download Hailstorm for FREE. http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW ------------------------------------------------------------------------
Current thread:
- Password audits xelerated (Oct 24)
- Re: Password audits pand0ra (Oct 24)
- Re: Password audits shaun (Oct 24)
- RE: Password audits Paul Melson (Oct 25)
- RE: Password audits Isaac Van Name (Oct 25)
- Re: Password audits Lanny Trager (Oct 26)
- <Possible follow-ups>
- RE: Password audits Scott Ramsdell (Oct 25)