RE: AD password Auditing

From: dave kleiman (dave@isecureu.com)
Date: Sun Aug 07 2005 - 14:09:01 EDT

• Next message: Joey Peloquin: "Re: AD password Auditing"
• Previous message: Arun Vishwanathan: "RE: What are some good sources to keep me up top :) ?"
• In reply to: Rochford, Paul: "RE: AD password Auditing"
• Next in thread: Joey Peloquin: "Re: AD password Auditing"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

For Microsoft AD, the NTDS.dit file is the database you are looking for. The
local SAM file is not going to store the AD users info. It will however
contain the original admin account that was used when installing AD. This
is, by default, the Directory Restore account.

Dave

> -----Original Message-----
> From: Rochford, Paul [mailto:paul.rochford@hp.com]
> Sent: Sunday, August 07, 2005 09:49
> To: Joe Traband; pen-test@securityfocus.com
> Subject: RE: AD password Auditing
>
> You used to get the SAM file off a running server by running
> rdisk /s-, it will make a copy on the existing one. It's the
> copy of the SAM you retrieve. Also not sure AD stores
> credentials in the same way as Classic NT Domains, so you may
> be looking in the wrong place. Someone I'm sure can verify this.
>
>
> Kind Regards,
> Paul Rochford
>
>
> -----Original Message-----
> From: Joe Traband [mailto:jtraband@truarx.com]
> Sent: Friday, August 05, 2005 8:36 PM
> To: pen-test@lists.securityfocus.com
> Subject: Re: AD password Auditing
>
> You are looking for the SAM file, but I'm sure you've found
> out that you can't just copy the SAM file off a running
> machine. There are two ways to get the SAM file.
>
> 1) Get the backed up SAM file (only can be done if a boot
> disk was made with the right options selected) Or
> 2) Boot into some variant of Linux and get the SAM file
>
> A good tutorial, with step-by-step instructions can be found at
> http://www.irongeek.com/i.php?page=security/localsamcrack2
>
> After you have the SAM file, you'll want to run John the Ripper or LC3
> (LC5 if you have some money) against the file.
>
> I have yet to find a way to copy the SAM file off a running
> server. If anyone can do that, please let me know!
>
> -Joe
>
> -----Original Message-----
> From: Lohan Spies [mailto:lohan.spies@ifs-sa.co.za]
> Sent: Friday, August 05, 2005 7:43 AM
> To: 'pen-test@securityfocus.com'
> Subject: AD password Auditing
>
> Hi there,
>
> I want to know how can I copy the AD (Active Directory)
> database so that I can run a password cracking tool against
> the accounts?
>
> Could someone please point me in the right direction
> regarding the tools to use and how to copy the db?
>
> Thanks
>
> --------------------------------------------------------------
> ----------
> ------
> FREE WHITE PAPER - Wireless LAN Security: What Hackers Know
> That You Don't
>
> Learn the hacker's secrets that compromise wireless LANs.
> Secure your WLAN by understanding these threats, available
> hacking tools and proven countermeasures. Defend your WLAN
> against man-in-the-Middle attacks and session hijacking,
> denial-of-service, rogue access points, identity thefts and
> MAC spoofing. Request your complimentary white paper at:
>
> http://www.securityfocus.com/sponsor/AirDefense_pen-test_050801
> --------------------------------------------------------------
> ----------
> -------
>
>
> --------------------------------------------------------------
> ----------
> ------
> FREE WHITE PAPER - Wireless LAN Security: What Hackers Know
> That You Don't
>
> Learn the hacker's secrets that compromise wireless LANs.
> Secure your WLAN by understanding these threats, available
> hacking tools and proven countermeasures. Defend your WLAN
> against man-in-the-Middle attacks and session hijacking,
> denial-of-service, rogue access points, identity thefts and
> MAC spoofing. Request your complimentary white paper at:
>
> http://www.securityfocus.com/sponsor/AirDefense_pen-test_050801
> --------------------------------------------------------------
> ----------
> -------
>
>
> --------------------------------------------------------------
> ----------------
> FREE WHITE PAPER - Wireless LAN Security: What Hackers Know
> That You Don't
>
> Learn the hacker's secrets that compromise wireless LANs.
> Secure your WLAN by understanding these threats, available
> hacking tools and proven countermeasures. Defend your WLAN
> against man-in-the-Middle attacks and session hijacking,
> denial-of-service, rogue access points, identity thefts and
> MAC spoofing. Request your complimentary white paper at:
>
> http://www.securityfocus.com/sponsor/AirDefense_pen-test_050801
> --------------------------------------------------------------
> -----------------
>
>
>

------------------------------------------------------------------------------
FREE WHITE PAPER - Wireless LAN Security: What Hackers Know That You Don't

Learn the hacker's secrets that compromise wireless LANs. Secure your
WLAN by understanding these threats, available hacking tools and proven
countermeasures. Defend your WLAN against man-in-the-Middle attacks and
session hijacking, denial-of-service, rogue access points, identity
thefts and MAC spoofing. Request your complimentary white paper at:

http://www.securityfocus.com/sponsor/AirDefense_pen-test_050801
-------------------------------------------------------------------------------

• Next message: Joey Peloquin: "Re: AD password Auditing"
• Previous message: Arun Vishwanathan: "RE: What are some good sources to keep me up top :) ?"
• In reply to: Rochford, Paul: "RE: AD password Auditing"
• Next in thread: Joey Peloquin: "Re: AD password Auditing"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:54:43 EDT