Re: cracking Y2k DC Admin password

From: Devin Ertel (devin.ertel@gmail.com)
Date: Tue Sep 26 2006 - 13:41:44 EDT


Another way would be to craft a payload for your exploit to use
Meterpreter DLL Inject from Metasploit. Then just use gethashes. Dump
the hashes in your favorite cracker. I would suggest rainbow crack if
you got the tables. Saves some time.

On 9/25/06, s-williams@nyc.rr.com <s-williams@nyc.rr.com> wrote:
> Or if you go to the %systemroot%\repair folder, you should see a backup of the SAM and the system file. Feed that to lcp, saminside, lc5, anyone, and you have your passwords.
>
> -----Original Message-----
> From: okrehel@loews.com
> Date: Mon, 25 Sep 2006 11:20:46
> To: juanbabi@yahoo.com
> Cc: listbounce@securityfocus.com, pen-test@securityfocus.com
> Subject: Re: cracking Y2k DC Admin password
>
> Try:
>
> - rescue in windows folder and backup sam file from it, it has admin
> credentials; John the Ripper, LC, and ophcrack will do the job - with hash
> tables....
> - use cachedump to dump cached credentials on that server, maybe admin was
> signed on (default is 5 accounts cached)
> - use lsadump2 to dump passwords of running services, maybe some of them are
> running with the local admin credentials
>
> Ondrej Krehel, CISSP, CEH
>
> juanbabi@yahoo.com
> Sent by: listbounce@securityfocus.com
> 09/22/2006 08:45 PM
> To: pen-test@securityfocus.com
> Subject: cracking Y2k DC Admin password
>
> Hi,
>
>
> For a pen test I'm doing I got control of the server and logged in as the local
> admin. Now I need to retrieve the admin's password; this is the goal of the
> pen test from the client side. I know an easy way to crack the SAM file
> with a live Linux CD, but I can't boot the server; it needs to be always up.
> I tried to use pwdump.exe but it tells me it can't find the local ADMIN$
> share, so it won't work. Does someone know a good way to retrieve and crack
> the admin's password? I am really stuck on this...
>
>
> Thanks very much!
>
> Juan
>
> ------------------------------------------------------------------------
> This List Sponsored by: Cenzic
>
> Need to secure your web apps?
> Cenzic Hailstorm finds vulnerabilities fast.
> Click the link to buy it, try it or download Hailstorm for FREE.
> http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW
>
> ------------------------------------------------------------------------



This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:57:01 EDT