Its not quite the same as "editing the SAM" But, Say you find the Domain Admin password is "abcdefgh" And you login locally on your machine and set the local admin password to "abcdefgh" as well. Then when you try to access the network while logged in as the local account you may find that you can get domain level access because the MS authentication doesn't seem to check the domain and just passes through the username and password. I know this works for ipc$ shares but has anyone got any documentation on any other exploitations of this. -----Original Message----- From: Russell, Pat [mailto:pat.russellat_private] Sent: 22 June 2001 12:46 To: Subject: SAM file editing Is it possible to edit the SAM file in NT4.0 without using an external program? I have an incident where someone gave himself administrative rights the domain but insists "all" he did was modify the SAM file on the local machine. This doesn't sound right but I am not sure. Thanks for any help... Pat Russell Process Control & Automation Engineer J&L Specialty Steel, Inc. pat.russellat_private
This archive was generated by hypermail 2b30 : Mon Jun 25 2001 - 06:16:18 PDT