Re: cracking Y2k DC Admin password

From: Machiavel (pierreluc.giguere@gmail.com)
Date: Wed Sep 27 2006 - 20:10:39 EDT


Hi!

IronGeek wrote a cool article about cracking local SAM with SYSKEY:
http://www.irongeek.com/i.php?page=security/vistasamcrack
The above article is about Windows Vista Beta 2 but it also links to
other articles he wrote about the same topic.

Cheers

Machiavel

On 9/27/06, Hari Sekhon <hpsekhon@googlemail.com> wrote:
> Hi,
> I've found cachedump to be reliable in the past; lsadump caused some
> crashing problems for me at the time so I didn't use it.
>
> Could somebody tell me how to go about retrieving the hashes from the
> offline SAM file? Is there a way? And if so, what form do the hashes come
> in, DES?
>
>
> Thanks
>
> -h
>
> --
> Hari Sekhon
>
>
> On 9/25/06, s-williams@nyc.rr.com <s-williams@nyc.rr.com> wrote:
> >> Or if you go to the %systemroot%\repair, in that folder you should see
> >> a backup of the SAM and the system file. Feed that to lcp, saminside,
> >> lc5, any one, and you have your passwords.
> >> Sent via BlackBerry from T-Mobile
> >>
> >> -----Original Message-----
> >> From: okrehel@loews.com
> >> Date: Mon, 25 Sep 2006 11:20:46
> >> To: juanbabi@yahoo.com
> >> Cc: listbounce@securityfocus.com, pen-test@securityfocus.com
> >> Subject: Re: cracking Y2k DC Admin password
> >>
> >> try
> >>
> >> - rescue in windows folder and backup sam file from it, it has admin
> >> credentials, John the Ripper, LC, and ophcrack will do the job - with
> >> hash tables....
> >> - use cachedump to dump cached credentials on that server, maybe
> >> admin was signed on (default is 5 accounts cached)
> >> - use lsadump2 to dump passwords of running services, maybe some of
> >> them are running with the local admin credentials
> >>
> >> Ondrej Krehel, CISSP, CEH
> >>
> >> juanbabi@yahoo.com
> >> Sent by: listbounce@securityfocus.com
> >> 09/22/2006 08:45 PM
> >> To: pen-test@securityfocus.com
> >> cc:
> >> Subject: cracking Y2k DC Admin password
> >>
> >> Hi,
> >>
> >>
> >> For a pen test I'm doing I got control of the server and logged in as
> >> the local admin. Now I need to retrieve the admin's password; this is
> >> the goal of the pen test from the client side. I know an easy way to
> >> crack the SAM file with a live Linux CD but I can't boot the server; it
> >> needs to be always up. I tried to use pwdump.exe but it tells me it
> >> can't find the local ADMIN$ share, so it won't work. Does someone know
> >> a good way to retrieve and crack the admin's password? I am really
> >> stuck on this...
> >>
> >>
> >> thanks very much !
> >>
> >> Juan
>

------------------------------------------------------------------------
This List Sponsored by: Cenzic

Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.
http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW
------------------------------------------------------------------------



This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:57:02 EDT