RE: Windows 2003 - Dumping Service Passwords

To:	pen-test@securityfocus.com
Subject:	RE: Windows 2003 - Dumping Service Passwords
From:	Larry Seltzer <Larry@larryseltzer.com>
Date:	Fri, 24 Nov 2006 06:35:21 -0500
Delivered-to:	sp-com-lists@consult.net
Delivered-to:	pentest-list2@consult.net
Delivered-to:	mailing list pen-test@securityfocus.com
Delivered-to:	moderator for pen-test@securityfocus.com
In-reply-to:	<20061122223626.29259.qmail@securityfocus.com>
List-help:	<mailto:pen-test-help@securityfocus.com>
List-id:	<pen-test.list-id.securityfocus.com>
List-post:	<mailto:pen-test@securityfocus.com>
List-subscribe:	<mailto:pen-test-subscribe@securityfocus.com>
List-unsubscribe:	<mailto:pen-test-unsubscribe@securityfocus.com>
Mailing-list:	contact pen-test-help@securityfocus.com; run by ezmlm
Resent-date:	Fri, 24 Nov 2006 12:34:21 -0700 (MST)
Resent-from:	pen-test-return-1078483041@securityfocus.com
Resent-message-id:	<20061124193421.D4295FA9FA@outgoing2.securityfocus.com>
Resent-sender:	listbounce@securityfocus.com
Sender:	listbounce@securityfocus.com
Thread-index:	AccPsxDMykcci5NwSyO3ZmfFi/0x5QACX7kQ
Thread-topic:	Windows 2003 - Dumping Service Passwords

>>If you have an account on the server then you can use Cain on your
local Windows machine to install the backdoor service Abel onto the
server via SMB, which will then let you dump the LSA Secrets and NT
Hashes. 

Doesn't this require Domain Administrator privileges?

Larry Seltzer
eWEEK.com Security Center Editor
http://security.eweek.com/
http://blog.eweek.com/blogs/larry%5Fseltzer/
Contributing Editor, PC Magazine
larryseltzer@ziffdavis.com 

------------------------------------------------------------------------
This List Sponsored by: Cenzic

Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.
http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW
------------------------------------------------------------------------

<Prev in Thread]	Current Thread	[Next in Thread>
RE: Windows 2003 - Dumping Service Passwords, (continued) RE: Windows 2003 - Dumping Service Passwords, Goran Pizent RE: Windows 2003 - Dumping Service Passwords, Jessie Ling XX (MC/EPA) RE: Windows 2003 - Dumping Service Passwords, Goran Pizent RE: Windows 2003 - Dumping Service Passwords, Jon Westcott RE: Windows 2003 - Dumping Service Passwords, John Babio Re: Windows 2003 - Dumping Service Passwords, Jeremy Saintot Re: Windows 2003 - Dumping Service Passwords, Spam Re: Windows 2003 - Dumping Service Passwords, Jerome Athias RE: Windows 2003 - Dumping Service Passwords, Maher Odeh Re: Windows 2003 - Dumping Service Passwords, one2 RE: Windows 2003 - Dumping Service Passwords, Larry Seltzer <= RE: Windows 2003 - Dumping Service Passwords, Scott Ramsdell

Previous by Date:	RE: Windows 2003 - Dumping Service Passwords, Goran Pizent
Next by Date:	AttackAPI 2.0 alpha, pdp (architect)
Previous by Thread:	Re: Windows 2003 - Dumping Service Passwords, one2
Next by Thread:	RE: Windows 2003 - Dumping Service Passwords, Scott Ramsdell
Indexes:	[Date] [Thread] [Top] [All Lists]