| To: | pen-test@securityfocus.com |
|---|---|
| Subject: | Re: windows 2003 server |
| From: | Nicolas RUFF <nicolas.ruff@gmail.com> |
| Date: | Fri, 13 Apr 2007 23:42:38 +0200 |

> Yea if you used pwdump you need admin privileges to dump the hashes. If
> you manage to get a reverse shell you can ftp the sam from the repair
> folder and the system part of the registry. Then import them into L0pht
> or LCP. If I am not mistaken, the sam file is syskeyed at level 1 by
> default for 2k3? Could someone verify that for me?

SYSKEY has been enabled by default since Windows 2000.

By the way, "SYSKEY" and "REPAIR" things are of no use on a Domain Controller (since the original question was about domain password policy). All user information (including password) is stored in Active Directory - namely the "NTDS.DIT" file, which is of undocumented format.

By accessing the SAM file on a Domain Controller, you would gain access to local accounts that existed on the server before DC promotion. If I remember well, some emergency utilities (like Directory Restore Mode) make use of this password, but that's all.

Regards,
- Nicolas RUFF