Re: Copying secret windows file

From: jwbensley@gmail.com
Date: Mon Dec 24 2007 - 01:40:41 EST


The SAM file is protected; it is always in use because somebody is logged on. Use pwdump if you can upload files and execute them (if you can, slap a trojan/backdoor in too!). Apart from that, there’s not a lot I can say unless you can execute commands (because if you can, you can upload files and restart the server and copy the SAM file before it boots into Windows, before it’s protected, or copy the registry, but that’s only if you can execute commands?).

What kind of server is it, what’s running? Is it Exchange? Copy the Exchange database (although that will probably be massive), then sieve through people’s emails? Or if it’s a web server, look for protected parts on the website; is there a .htaccess restricted area? If so, try and grab the .htpasswd file? Is it an SQL server? If so, try to download the tables, see if there is a tblUsers or something like that? Does it have any shares, i.e. if it’s a domain controller (Active Directory), look for staff personal shares where their work is stored for mapped network drives (even better would be to see if it is split, say a folder for finance, a folder for management, a folder for IT (Jackpot!)).

Hope this helped somehow?!?!

Bensley.




This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:58:17 EDT