Re: Sam File via IIS flaw

From: chillman (charles.gillman@gmail.com)
Date: Thu Jun 30 2005 - 19:11:51 EDT


Chris

You are getting the very messy output of a binary file (Backup SAM)
displayed in your browser?

There was a Perl script to reassemble this output into a SAM file
which was used against the old Compaq Insight Manager directory
traversal vulnerability. I don't have the URL; try AstalaVista or
Google.

Once you have the binary SAM file you can use SAMDUMP to convert it into
PWDump format for importing into your favourite password cracker.

Regards
Charles

On 28 Jun 2005 19:02:54 -0000, nordicsmak@yahoo.com
<nordicsmak@yahoo.com> wrote:
> During a recent penetration test I've discovered a flaw in the IIS server that allows me to browse to and view any file on the system.
>
> I'm able to browse to the /winnt/repair/sam file, but it obviously is unusable in the format that's presented in the browser.
>
> Any way to get this file in a format that can be used in L0pht?
>
> Thanks,
> Chris
>
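
Added example, not part of the original thread: a defender-side check that scans IIS W3C extended logs for requests resolving to the backup SAM path named above, after undoing percent-encoding, backslashes and case. The log lines are constructed, and the `windows` system-root alternative and the choice of logged fields are assumptions.

```python
import re
from urllib.parse import unquote

# Backup SAM path from the thread; "windows" as a system root is an assumption.
SAM_PATH = re.compile(r"/(winnt|windows)/repair/sam(?![a-z0-9])")

def normalize(uri, max_rounds=5):
    """Undo repeated percent-encoding, then unify slashes and case."""
    for _ in range(max_rounds):
        decoded = unquote(uri)
        if decoded == uri:
            break
        uri = decoded
    uri = uri.replace("\\", "/")
    return re.sub(r"/+", "/", uri).lower()

def parse_w3c(lines):
    """Yield one dict per record, keyed by the latest #Fields directive."""
    fields = []
    for line in lines:
        line = line.strip()
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            values = line.split()
            if len(values) == len(fields):
                yield dict(zip(fields, values))

def find_sam_requests(lines):
    """Return (client, normalized path, served) per request for the backup SAM."""
    hits = []
    for rec in parse_w3c(lines):
        path = normalize(rec.get("cs-uri-stem", ""))
        if SAM_PATH.search(path):
            hits.append((rec.get("c-ip"), path, rec.get("sc-status") == "200"))
    return hits

# Constructed sample log (documentation-range client addresses).
SAMPLE_LOG = """#Software: Microsoft Internet Information Services 5.0
#Fields: date time c-ip cs-method cs-uri-stem sc-status
2005-06-28 18:40:11 192.0.2.10 GET /default.htm 200
2005-06-28 18:41:02 198.51.100.7 GET /WINNT/repair/SAM 200
2005-06-28 18:41:09 198.51.100.7 GET /winnt%5Crepair%5Csam 404
2005-06-28 18:41:15 198.51.100.7 GET /%2577innt/repair/sam 200
2005-06-28 18:42:00 192.0.2.10 GET /winnt/repair/sample.txt 200""".splitlines()

if __name__ == "__main__":
    for client, path, served in find_sam_requests(SAMPLE_LOG):
        print(client, path, "SERVED" if served else "not served")
```

A hit with `served` set means the file left the server, so the account hashes in that backup should be treated as exposed and the passwords rotated.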


