From: Erik Birkholz (erik@foundstone.com)
Date: Wed Jan 28 2004 - 22:09:51 EST
Do you want to crack passwords or own the box? You intentions are unclear. Are you limited to logical network access or can you physically touch the server? If so, are you doing a local host review?
---------------------------------------
(Msg from BlackBerry Wireless Handheld)
---------------------------------------
Erik Pace Birkholz - CISSP, MCSE
Foundstone, Inc.
Strategic Security
Read Special Ops and mount an assault to eradicate network negligence today. www.SpecialOpsSeries.com
[Tel] 949.297.5591
[Cel] 323.252.5916
[Fax] 949.297.5575
[pgp] https://www.foundstone.com/pgpkeys/erik-birkholz.asc
-----Original Message-----
From: Mark Melonson <markmelonson@hotmail.com>
To: pen-test@securityfocus.com <pen-test@securityfocus.com>
Sent: Tue Jan 27 17:33:32 2004
Subject: Offline sam dump?
Greetings,
I'm conducting a small scale pen-test for a client... I have conducted a
remote assesment and am now starting on internal testing. They are using
fully patched Win2k Pro boxes, with WinXPs scattered amogsnt the network
(Win2k Servers). I know about pwdump2-3e, but need to dump the SAM without a
local Admin account. I have used the Linux bootdisk method to rewrite the
hash, but I need something to use with John. Thanx...
-BlindTechie
_________________________________________________________________
Rethink your business approach for the new year with the helpful tips here.
http://special.msn.com/bcentral/prep04.armx
---------------------------------------------------------------------------
----------------------------------------------------------------------------
---------------------------------------------------------------------------
----------------------------------------------------------------------------
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:47 EDT