Pwdump2 with UNICODE?

From: Lists (listsat_private)
Date: Mon Aug 06 2001 - 23:28:54 PDT

  • Next message: nemo latin: "sql injection - missed it at bh/defcon"

    Hello all. Our company is currently doing a pentest for a customer.
    Normally, we grab the boot.ini file from the target server and that is
    sufficient. However, this customer has required us to "grab the hashes", as
    the sysadmin of the company stated. He feels that he has proper permissions
    set on all of the "important" files and this would not be an adequate test.
    The server was found to be vulnerable to the UNICODE vulnerability. We were
    able to use the upload.asp exploit to upload pwdump2.exe and samdump.dll to
    the server. However, we have been unable to get pwdump2 to execute properly.
    We also copied cmd.exe to another directory renaming it to cmd1.exe to run
    the commands. But again, no results.
    Has anyone been successful in getting pwdump2 to work through UNICODE? If
    so, what was the syntax you used to get it to go through?
    Any advise on this would be greatly appreciated.
    Allen Archer
    Creative Solutions, Inc.
    Atlanta, Georgia 30303
    This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
    Service. For more information on SecurityFocus' SIA service which
    automatically alerts you to the latest security vulnerabilities please see:

    This archive was generated by hypermail 2b30 : Tue Aug 07 2001 - 15:17:59 PDT