RE: Windows 2003 - Dumping Service Passwords

From: Larry Seltzer (Larry@larryseltzer.com)
Date: Fri Nov 24 2006 - 06:35:21 EST


>>If you have an account on the server then you can use Cain on your
local Windows machine to install the backdoor service Abel onto the
server via SMB, which will then let you dump the LSA Secrets and NT
Hashes.

Doesn't this require Domain Administrator privileges?

Larry Seltzer
eWEEK.com Security Center Editor
http://security.eweek.com/
http://blog.eweek.com/blogs/larry%5Fseltzer/
Contributing Editor, PC Magazine
larryseltzer@ziffdavis.com

------------------------------------------------------------------------
This List Sponsored by: Cenzic

Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.
http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW
------------------------------------------------------------------------



This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:57:21 EDT