RE: SAM file editing

From: Wertheimer, Ishai (iwertheimerat_private)
Date: Sun Jun 24 2001 - 03:56:55 PDT

  • Next message: exceed mekka-symposium: "Re: pen testing IIS5"

    Pat,
    
    There is a Linux boot disk that can edit a local SAM file. You can boot the
    target machine with it and change a specific password directly.
    
    
    Ishai Wertheimer
    Manager - Information Risk Management Services
    KPMG Somekh Chaikin
    
    
    -----Original Message-----
    From: Russell, Pat [mailto:pat.russellat_private]
    Sent: Friday, June 22, 2001 1:46 PM
    To: pen-testat_private
    Subject: SAM file editing
    
    
    Is it possible to edit the SAM file in NT4.0 without using an external
    program?  I have an incident where someone gave himself administrative
    rights the domain but insists "all" he did was modify the SAM file on the
    local machine.  This doesn't sound right but I am not sure.  Thanks for any
    help...
    
    Pat Russell
    Process Control & Automation Engineer
    J&L Specialty Steel, Inc.
    pat.russellat_private 
    
    *****************************************************************************
    The information in this email is confidential and may be legally privileged.
    It is intended solely for the addressee. Access to this email by anyone else
    is unauthorized. 
    
    If you are not the intended recipient, any disclosure, copying, distribution
    or any action taken or omitted to be taken in reliance on it, is prohibited
    and may be unlawful. When addressed to our clients any opinions or advice
    contained in this email are subject to the terms and conditions expressed in
    the governing KPMG client engagement letter.         
    *****************************************************************************
    



    This archive was generated by hypermail 2b30 : Sun Jun 24 2001 - 19:39:15 PDT