Re: windows 2003 server

From: killy (killfactory@gmail.com)
Date: Fri Apr 13 2007 - 22:42:21 EDT


Pwdump with proper privileges will work.

On 3/21/07, Vinay_Dwarakanath <Vinay_Dwarakanath@satyam.com> wrote:
> Just wondering... Heard that the security in 2003 has been strengthened.
> How does one dump the passwords from the SAM file? Is it via the pwdump
> utility or are there any better suggestions?
>
> Vinay
>
>
> -----Original Message-----
> From: listbounce@securityfocus.com [mailto:listbounce@securityfocus.com]
> On Behalf Of John Babio
> Sent: Tuesday, March 20, 2007 7:21 PM
> To: Salvador.Manaois@infineon.com; chris_parker@adelphia.net;
> pen-test@securityfocus.com
> Subject: RE: windows 2003 server
>
> Here is a question. Without physical access the most you can do is dump
> the hashes. Is it possible to obtain the \windows\repair\sam file while
> the machine is up and running? Kind of ftp it to another location?
>
> -----Original Message-----
> From: listbounce@securityfocus.com [mailto:listbounce@securityfocus.com]
> On Behalf Of Salvador.Manaois@infineon.com
> Sent: Monday, March 19, 2007 7:45 AM
> To: chris_parker@adelphia.net; pen-test@securityfocus.com
> Subject: RE: windows 2003 server
>
> If your main goal is to gauge the "strength" of your organization's
> password policy and _not_ how to break into the win2003 server, then you
> should try to dump a copy of the SAM file onto a password-cracker.
> Remotely checking the password strength may require you to try
> brute-forcing a session to the server (but then again, if the invalid
> login threshold setting and the account lockout policy are defined, you
> may find this exercise frustratingly time-consuming). =)
>
> ...badz...
> Salvador Manaois III
>
> -----Original Message-----
> From: listbounce@securityfocus.com [mailto:listbounce@securityfocus.com]
> On Behalf Of Chris Parker
> Sent: Saturday, March 17, 2007 7:16 AM
> To: pen-test@securityfocus.com
> Subject: Re: windows 2003 server
>
> Nicolas RUFF wrote:
> >> I have a win2003 server that I have been asked to test its password
> >> policy. I am new to this and was wondering what would be the best
> >> approach to gain access? It is in my local network and will be
> >> segregated from the rest of the network for testing. I would be
> >> using a remote machine to log in and not locally. What would be your
> >> suggestions?
> >
> > Password policy can be found in Administrative Tools/[Local | Domain]
> > Security Policy.
> >
> > What do you mean by "testing password policy" ?
> >
> > Why do you need to gain access ? You'd better ask for an
> > administrative account and dump the SAM file into a password cracker
> > (like LCP).
> >
> > Given the default security policy of W2003 (anonymous account
> > enumeration blocked, password length over 7 and mixed characters
> > required), your chances to break in remotely without any additional
> > information are near zero.
> >
> > Regards,
> > - Nicolas RUFF
> >
> First, we are trying to lock down our servers. I came into this after
> they had these servers up for a few years, so you can see my work is cut
> out for me. I just wanted the best ways to test to make sure most users
> cannot get where they are not supposed to be. Current password policy is
> 8 characters, upper lower number.
>
> thanks
> Chris Parker
>
> ------------------------------------------------------------------------
> This List Sponsored by: Cenzic
>
> Need to secure your web apps?
> Cenzic Hailstorm finds vulnerabilities fast.
> Click the link to buy it, try it or download Hailstorm for FREE.
>
> http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW
> ------------------------------------------------------------------------
>

-- 
If you spend more on coffee than on IT security, you will be hacked.
What's more, you deserve to be hacked.
-- former White House cybersecurity czar Richard Clarke
------------------------------------------------------------------------
This List Sponsored by: Cenzic
Are you using SPI, Watchfire or WhiteHat?
Consider getting clear vision with Cenzic
See HOW Now with our 20/20 program!
http://www.cenzic.com/c/2020
------------------------------------------------------------------------


This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:57:44 EDT