From: killy (killfactory@gmail.com)
Date: Thu Sep 28 2006 - 16:24:58 EDT
Hi Juan,
Try this.
If the Domain Admin has recently logged into the server, simply run 'dumpcache'.
If you have the Domain Admins hash, then you run John the Ripper or
Cain and Able to crack it.
Follow carefully,
with Cain program running, select cracker--> then highlight MS-cache
hashes --> then select the '+' sign.
this will dump ms-cache on your local pc.
now go into program files/cain and look for cache.lst. open it and
view the format of the captured hash.
compare it to the output of the dumpcahce program.
simply copy your dump cache into the cache.lst in the Cain format.
now open Cain and you will see your captured hash from the domain admin account.
Now you can either brute force it or use the Rainbow table option.
I hope that was clear. Sorry I am in a hurry.
feel free to contact me off line.
On 23 Sep 2006 00:45:03 -0000, juanbabi@yahoo.com <juanbabi@yahoo.com> wrote:
> Hi,
>
>
> for a pen test in doing I got control on the server and logged as the local admin. know I need to retrive the admin's password this is the goal of the pen test from the client side. I know an easy way to crack the sam file with a live linux cd but I cant boot the server it needs to be allways up. I tried to use pwdump.exe but it tells me he cand find the local ADMIN$ shere. so it wont work.does someone knows a good way to retrive and crack the admin's password.I an really stuck on this...
>
>
> thanks very much !
>
> Juan
>
> ------------------------------------------------------------------------
> This List Sponsored by: Cenzic
>
> Need to secure your web apps?
> Cenzic Hailstorm finds vulnerabilities fast.
> Click the link to buy it, try it or download Hailstorm for FREE.
> http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW
> ------------------------------------------------------------------------
>
>
-- If you spend more on coffee than on IT security, you will be hacked. What's more, you deserve to be hacked. -- former White House cybersecurity czar Richard Clarke ------------------------------------------------------------------------ This List Sponsored by: Cenzic Need to secure your web apps? Cenzic Hailstorm finds vulnerabilities fast. Click the link to buy it, try it or download Hailstorm for FREE. http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW ------------------------------------------------------------------------
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:57:02 EDT