From: Jerome Athias (jerome.athias@free.fr)
Date: Wed Nov 22 2006 - 02:46:33 EST
Jason a écrit :
> I am currently conducting a penetration test and have compromised a Windows 2003 server which is a domain member server and have admin privs. I have noticed the system has numerous services which are running through domain accounts and some of those accounts are domain admins.
>
> I understand the passwords for the services are stored in the LSA and I would like to dump them. I have tried lsadump2 and this just hangs and finally reboots the server. What other tools can I use on W2K3 to dump these passwords?
>
> I would prefer to use something that does not need to be installed with an installer and does not require the server to be rebooted if that is possible.
>
> Any help appreciated.
>
> J
Ask "your friend" for:
cachedump
fgdump
(yes *fizzgig! someone read your website ;-)
*
*"What the heck are you using pwdump for? * fgdump
<http://www.foofus.net/fizzgig/fgdump>* does *everything* pwdump does,
only more! I highly recommend switching over as soon as possible. :)"
(no installation required : difference with Cain&Abel ;p)
*
/JA
Webmaster https://www.securinfos.info
------------------------------------------------------------------------
This List Sponsored by: Cenzic
Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.
http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW
------------------------------------------------------------------------
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:57:21 EDT