Re: Sam File via IIS flaw

From: Jerome Athias (jerome.athias@free.fr)
Date: Thu Jun 30 2005 - 06:46:42 EDT

• Next message: Peter Wood: "Re: Sam File via IIS flaw"
• Previous message: Thomas Brennan: "RE: CEH training"
• In reply to: nordicsmak@yahoo.com: "Sam File via IIS flaw"
• Next in thread: Peter Wood: "Re: Sam File via IIS flaw"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

try SAMinside : http://www.insidepro.com/

Regards,
JA

----- Original Message -----
From: <nordicsmak@yahoo.com>
To: <pen-test@securityfocus.com>
Sent: Tuesday, June 28, 2005 9:02 PM
Subject: Sam File via IIS flaw

During a recent penetration test I've discovered a flaw in the IIS server
that allows me to browse to and view any file on the system.

I'm able to browse to the /winnt/repair/sam file, but it obviously is
unusable in the format that's presented in the browser.

Any way to get this file in a format that can be used in L0pht?

Thanks,
Chris

• Next message: Peter Wood: "Re: Sam File via IIS flaw"
• Previous message: Thomas Brennan: "RE: CEH training"
• In reply to: nordicsmak@yahoo.com: "Sam File via IIS flaw"
• Next in thread: Peter Wood: "Re: Sam File via IIS flaw"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:54:30 EDT