Penetration Testing mailing list archives
Re: windows 2003 server
From: Nicolas RUFF <nicolas.ruff () gmail com>
Date: Fri, 13 Apr 2007 23:42:38 +0200
> Yea if you used pwdump you need admin privileges to dump the hashes. If you manage to get a reverse shell you can ftp the SAM from the repair folder and the system part of the registry. Then import them into L0pht or LCP. If I am not mistaken, the SAM file is syskeyed at level 1 by default for 2k3? Could someone verify that for me?
SYSKEY has been enabled by default since Windows 2000.

By the way, "SYSKEY" and "REPAIR" things are of no use on a Domain Controller (since the original question was about domain password policy). All user information (including passwords) is stored in Active Directory - namely the "NTDS.DIT" file, which is of undocumented format.

By accessing the SAM file on a Domain Controller, you would gain access to local accounts that existed on the server before DC promotion. If I remember correctly, some emergency utilities (like Directory Restore Mode) make use of this password, but that's all.

Regards,
- Nicolas RUFF