Re: Active Directory Pentest

From: AdamT (adwulf@gmail.com)
Date: Thu May 31 2007 - 02:51:35 EDT


On 30/05/07, Ricardo Mourato <ricardomcm@gmail.com> wrote:
> hi folks, in a costumer network where i'm doing a pentest, i found an
> Active Directory Server, this one also runs SQL server 2000 SP1, i've
> found that SQL server doenst have a password on the SA account, so it
> was easy to get in with NT/SYSTEM, but my question is, where is the AD
> users directory located?
> tnks in advice
>
As mentioned, the AD database lives in NTDS.DIT. These files can grow
quite large. Check and see if there's a recovery mode password set to
null - which might get you what you want:

http://support.microsoft.com/kb/271641

-- 
AdamT
"Waiting for paint to dry or replication to complete is never any fun.
You should also move the mouse around repeatedly until it completes."
 --- Al Mulnick
------------------------------------------------------------------------
This List Sponsored by: Cenzic
Are you using SPI, Watchfire or WhiteHat?
Consider getting clear vision with Cenzic
See HOW Now with our 20/20 program!
http://www.cenzic.com/c/2020
------------------------------------------------------------------------


This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:57:50 EDT