From: Rangari, Shailesh (Shailesh_Rangari@Syntelinc.com)
Date: Tue Mar 20 2007 - 23:51:47 EST
If the purpose of the exercise is to Audit the Password Policy, we may not
need to Brute Force the hashes beyond a certain point of time. The motive
here is to verify that the users are following the accepted norms and
practices in terms of choosing a strong password. Gauging the strength of a
password is the most important goal of a Password Audit. The scope of the
exercise has to be unambiguous in this regards. Please verify the same.
To gain a copy of the SAM file from the repair disk on a Win2003 Server via
an FTP session might be a bit difficult, assuming that it was hardened
appropriately. If that is the case then the Access Rights to Modify the
Repair Disk would be set for POWER USERS (provided that the server is not
used as a DC) so even an Administrator might not have any rights to this
file directly although he/she can certainly change the PERMISSION of the
same when needed.
Please visit the SANS Reading Room for an SFSP Tutorial pertaining to
creating simple yet strong passwords. A Password 8 characters long with
upper and lower case + numbers may not be big deal for LC5 to crack open.
Special Characters can certainly help you in strengthening it to a greater
extent.
http://www.sans.org/reading_room/whitepapers/authentication/
Thanks
Shailesh Rangari
-----Original Message-----
From: John Babio [mailto:jbabio@po-box.esu.edu]
Sent: Wednesday, March 21, 2007 2:56 AM
To: Salvador.Manaois@infineon.com; chris_parker@adelphia.net;
pen-test@securityfocus.com
Subject: [SPAM] - RE: windows 2003 server - Bayesian Filter detected spam
Here is a question. Without physical access the most you can do is dump
the hashes. Is it possible to obtain the \windows\repair\sam file while
the machine is up and running? Kind of ftp it to another location?
-----Original Message-----
From: listbounce@securityfocus.com [mailto:listbounce@securityfocus.com]
On Behalf Of Salvador.Manaois@infineon.com
Sent: Monday, March 19, 2007 7:45 AM
To: chris_parker@adelphia.net; pen-test@securityfocus.com
Subject: RE: windows 2003 server
If your main goal is to gauge the "strength" of your organization's
password policy and _not_ how to break into the win2003 server, then you
should try to dump a copy of the SAM file onto a password-cracker.
Remotely checking the password strength may require you to try
brute-forcing a session to the server (but then again, if the invalid
login threshold setting and the account lockout policy are defined, you
may find this exercise frustratingly time-consuming). =)
...badz...
Salvador Manaois III
-----Original Message-----
From: listbounce@securityfocus.com [mailto:listbounce@securityfocus.com]
On Behalf Of Chris Parker
Sent: Saturday, March 17, 2007 7:16 AM
To: pen-test@securityfocus.com
Subject: Re: windows 2003 server
Nicolas RUFF wrote:
>> I have a win2003 server that I have been asked to test its password
>> policy. I am new to this and was wondering what would be the best
>> approach to gain access? It is in my local network and will be
>> segregated from the rest of the network for testing. I would be
>> using a remote machine to log in and not locally. What would be your
suggestions?
>
> Password policy can be found in Administrative Tools/[Local | Domain]
> Security Policy.
>
> What do you mean by "testing password policy" ?
>
> Why do you need to gain access ? You'd better ask for an
> administrative account and dump the SAM file into a password cracker
(like LCP).
>
> Given the default security policy of W2003 (anonymous account
> enumeration blocked, password length over 7 and mixed characters
> required), your chances to break in remotely without any additional
> information are near zero.
>
> Regards,
> - Nicolas RUFF
>
First, we are trying to lock down our servers. I came into this after
they had these server up for a few years, so you can see my work is cut
out for me. I just wanted the best ways to test to make sure most users
cannot get where they are not suppose to be. Current password policy is
8 characters, upper lower number.
thanks
Chris Parker
------------------------------------------------------------------------
This List Sponsored by: Cenzic
Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.
http://www.cenzic.com/products_services/download_hailstorm.php?camp=7016
00000008bOW
------------------------------------------------------------------------
------------------------------------------------------------------------
This List Sponsored by: Cenzic
Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.
http://www.cenzic.com/products_services/download_hailstorm.php?camp=7016
00000008bOW
------------------------------------------------------------------------
------------------------------------------------------------------------
This List Sponsored by: Cenzic
Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.
http://www.cenzic.com/products_services/download_hailstorm.php?camp=70160000
0008bOW
------------------------------------------------------------------------
____________________________________________
Confidential: This electronic message and all contents contain information
from Syntel, Inc. which may be privileged, confidential or otherwise
protected from disclosure. The information is intended to be for the
addressee only. If you are not the addressee, any disclosure, copy,
distribution or use of the contents of this message is prohibited. If you
have received this electronic message in error, please notify the sender
immediately and destroy the original message and all copies.
------------------------------------------------------------------------
This List Sponsored by: Cenzic
Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.
http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW
------------------------------------------------------------------------
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:57:40 EDT