pen-test
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[IIS 6] UNCPassword

from [daemonsec-pentest] [Permanent Link][Original]
To: pen-test@securityfocus.com
Subject: [IIS 6] UNCPassword
From: daemonsec-pentest@yahoo.it
Date: Wed, 21 Feb 2007 15:30:27 +0000 (GMT)
Delivered-to: sp-com-lists@consult.net
Delivered-to: pentest-list2@consult.net
Delivered-to: mailing list pen-test@securityfocus.com
Delivered-to: moderator for pen-test@securityfocus.com
Domainkey-signature: a=rsa-sha1; q=dns; c=nofws; s=s1024; d=yahoo.it; h=Message-ID:X-YMail-OSG:Received:X-Mailer:Date:From:Subject:To:MIME-Version:Content-Type:Content-Transfer-Encoding; b=N9NajRoj8RNqNEcVPkSxzbF1V3lLeSuql+g6MJqIDy2ljs3SgyaMNSxuWgzbTRLMOAjd5iFJaW6w5+hR4OawGwBVmgGvlYgztCberps3KHd+TKncrEac3eFtgGKOvrKs7lAak6FPaHIzrt1s9zg6zl2wwq4kxxqxaGmJy95ZZV4= ;
List-help: <mailto:pen-test-help@securityfocus.com>
List-id: <pen-test.list-id.securityfocus.com>
List-post: <mailto:pen-test@securityfocus.com>
List-subscribe: <mailto:pen-test-subscribe@securityfocus.com>
List-unsubscribe: <mailto:pen-test-unsubscribe@securityfocus.com>
Mailing-list: contact pen-test-help@securityfocus.com; run by ezmlm
Resent-date: Wed, 21 Feb 2007 21:18:53 -0700 (MST)
Resent-from: pen-test-return-1078483591@securityfocus.com
Resent-message-id: <20070222041853.6BD2F144C0E@outgoing2.securityfocus.com>
Resent-sender: listbounce@securityfocus.com
Sender: listbounce@securityfocus.com 
Hi, 
i'm doing a penetration test from the internal lan of our customer. 
I retrieved a metabase.xml file from IIS 6 Server and i found some 
"UNCPassword" fields 
with an encrypted password. 

How can i crack these passwords? Is there any tool? 
Which type of ecnryption is it? 

Regards,


        

        
                
___________________________________ 
L'email della prossima generazione? Puoi averla con la nuova Yahoo! Mail: 
http://it.docs.yahoo.com/nowyoucan.html

------------------------------------------------------------------------
This List Sponsored by: Cenzic

Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.

http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW
------------------------------------------------------------------------
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
  • [IIS 6] UNCPassword, daemonsec-pentest <=
Previous by Date:  Re: Website detection, Robin Wood
Next by Date:  RE: Websites Finding, Isidro Ramón Labrador Rodríguez
Previous by Thread:  What protocol to choose for a new fuzzer?, jezzzz .
Next by Thread:  Any suggests about a possible LRE (local root escalation), Andrew
Indexes:  [Date] [Thread] [Top] [All Lists]