Re: Password audits

From: Nicolas RUFF (nicolas.ruff@gmail.com)
Date: Sat Nov 11 2006 - 09:12:04 EST


Indeed, most problems come from DEP being enabled, as pointed out
before on the list:
http://seclists.org/pen-test/2005/Sep/0229.html

To fix this, just replace:
alloc(..., PAGE_READWRITE);
with:
alloc(..., PAGE_EXECUTE_READWRITE);
in the source.

In my experience, you can also run into trouble when starting PWDUMP
from inside a "SYSTEM" shell, or from a Terminal Server (or Citrix) session.

If "samdump.dll" is blocked at load time by some antivirus, you will
also experience PWDUMP becoming a "dead process" (infinite blocking on
ReadPipe()).

In the end, I would recommend using Cain (with the remote Abel server on the
target). It is more stable, DEP-compatible, and not always detected by
antivirus.
http://www.oxid.it/

Regards,
- Nicolas RUFF
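The DEP point in the post above, as an added example that is not part of the
post, of PWDUMP or of Cain: a page meant to hold injected code is allocated
read+write only (the PAGE_READWRITE case that DEP kills), then
read+write+execute (the PAGE_EXECUTE_READWRITE fix the post suggests), and
then read+write flipped to read+execute after the copy (the W^X-friendly
variant), and a small constructed "return 42" stub is run from each. Windows'
VirtualAlloc/VirtualProtect are replaced by their POSIX equivalents
mmap/mprotect so the program runs on Linux; the stub bytes, the enum names and
run_stub() are assumptions made for this example.

```c
/* Added example, not code from the list post or from PWDUMP/Cain.
 * Shows what DEP (NX) does to code copied into a read+write page and that
 * execute permission fixes it. Windows: VirtualAlloc(..., PAGE_READWRITE)
 * vs PAGE_EXECUTE_READWRITE, or VirtualProtect(); here: mmap/mprotect.
 * The stub bytes below are constructed for this example ("return 42"). */
#define _GNU_SOURCE
#include <setjmp.h>
#include <signal.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

#if defined(__x86_64__) || defined(__i386__)
/* mov eax, 42 ; ret */
static const unsigned char STUB[] = { 0xb8, 0x2a, 0x00, 0x00, 0x00, 0xc3 };
#elif defined(__aarch64__)
/* movz w0, #42 ; ret */
static const unsigned char STUB[] = { 0x40, 0x05, 0x80, 0x52, 0xc0, 0x03, 0x5f, 0xd6 };
#else
#error "stub only provided for x86 and aarch64"
#endif

enum alloc_mode {
    MODE_RW,          /* PAGE_READWRITE equivalent: DEP faults the call */
    MODE_RWX,         /* PAGE_EXECUTE_READWRITE: the fix from the post */
    MODE_RW_THEN_RX   /* write first, then drop write and add execute (W^X) */
};

static sigjmp_buf fault_env;

static void on_fault(int sig) {
    (void)sig;
    siglongjmp(fault_env, 1);  /* unwind back into run_stub() */
}

/* Returns 42 (the stub's return value), -1 if executing it faulted,
 * -2 if the allocation or protection change itself failed. */
int run_stub(enum alloc_mode mode) {
    size_t len = (size_t)sysconf(_SC_PAGESIZE);
    int prot = PROT_READ | PROT_WRITE;
    if (mode == MODE_RWX) prot |= PROT_EXEC;

    unsigned char *buf = mmap(NULL, len, prot, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (buf == MAP_FAILED) return -2;
    memcpy(buf, STUB, sizeof STUB);
    if (mode == MODE_RW_THEN_RX && mprotect(buf, len, PROT_READ | PROT_EXEC) != 0) {
        munmap(buf, len);
        return -2;
    }
    /* needed on architectures with separate I/D caches (aarch64) */
    __builtin___clear_cache((char *)buf, (char *)buf + sizeof STUB);

    /* catch the NX violation instead of letting it kill the process */
    struct sigaction sa, old_segv, old_bus;
    memset(&sa, 0, sizeof sa);
    sa.sa_handler = on_fault;
    sigemptyset(&sa.sa_mask);
    sigaction(SIGSEGV, &sa, &old_segv);
    sigaction(SIGBUS, &sa, &old_bus);

    int result;
    if (sigsetjmp(fault_env, 1) == 0) {
        int (*fn)(void) = (int (*)(void))(uintptr_t)buf;
        result = fn();
    } else {
        result = -1;   /* instruction fetch from a non-executable page */
    }
    sigaction(SIGSEGV, &old_segv, NULL);
    sigaction(SIGBUS, &old_bus, NULL);
    munmap(buf, len);
    return result;
}

int main(void) {
    printf("RW only    : %d\n", run_stub(MODE_RW));
    printf("RWX        : %d\n", run_stub(MODE_RWX));
    printf("RW then RX : %d\n", run_stub(MODE_RW_THEN_RX));
    return 0;
}
```

On a DEP/NX-enforcing system the first call faults and returns -1 while the
other two return 42. The third mode is the one to prefer when patching a tool
like this: copy the code while the page is writable, then change the
protection to read+execute, so the page is never writable and executable at
the same time.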

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:57:19 EDT