From: Teh Fizzgig (fizzgig@foofus.net)
Date: Fri Apr 20 2007 - 10:16:18 EDT
cesar montano wrote:
> mates,
> need your inputs badly. we have w2k3 server with
> a newly installed application ... unfortunately, the
> system staff who's in-charge for that server has
> forgotten the admin password he inputted in the last
> few weeks. any idea on how to recover it or other
> way to login on that server?
>
You could run something like Locksmith (does that run on W2K3? It's been
awhile since I used it). That's the easiest, but not as much fun as the
other solutions. :)
Otherwise, what other sorts of services are running on it? Has it been
recently patched?
If it's behind in patching, exploit it using your favorite vuln o'the
day (like the recent DNS vulnerability perhaps) in Metasploit, Canvas,
etc. If you've got old BackupExec on it, that too is sometimes
vulnerable. Many of these exploits allow you to run as System, which
means you can dump the passwords and crack them. Besides, it's kind of
fun and liberating breaking into your own boxes.
If SQL Server is installed on the box, it's quite possible someone left
an easy sa password on it, which also might mean you can execute tasks
as system via xp_cmdshell. Just like vuln exploiting, dump the passwords
and crack them appropriately.
Admittedly, these paths are overkill, but as I said, they are more fun
than simply rebooting with Locksmith or something. :) After all, this is
pen-test.
--f
------------------------------------------------------------------------
This List Sponsored by: Cenzic
Are you using SPI, Watchfire or WhiteHat?
Consider getting clear vision with Cenzic
See HOW Now with our 20/20 program!
http://www.cenzic.com/c/2020
------------------------------------------------------------------------
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:57:45 EDT