Re: Pwdump2 with UNICODE?

From: steven.m.gillat_private
Date: Wed Aug 08 2001 - 18:11:00 PDT

Next message: Paul Midian: "RE: sql injection - missed it at bh/defcon + follow on query."

Previous message: INA (V. Brahmanandam): "RE: besides "sa" who can run xp_cmdshell"
Maybe in reply to: Lists: "Pwdump2 with UNICODE?"
Next in thread: Penetration Testing: "Re: Pwdump2 with UNICODE?"
Reply: Penetration Testing: "Re: Pwdump2 with UNICODE?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

FYI,

While this does work on NT4, using cmdasp.asp on 2K will not dump the
hashes.  This is because IIS 5 runs the Windows Scripting Host under th
IWAM_<machine-name> context.

Steve



                                                                                                                   
                    Lists                                                                                          
                    <lists@ironco        To:     Penetration Testers <PEN-TESTat_private>                  
                    met.com>             cc:                                                                       
                                         Subject:     Re: Pwdump2 with UNICODE?                                    
                    08/07/2001                                                                                     
                    11:15 PM                                                                                       
                                                                                                                   
                                                                                                                   




Hello all.

I wanted to thank everyone for the responses.

Here is my quick summary. I got CmdAsp.asp and uploaded it to the server.
By
the way, I used upload.asp to get things up to the server. After running
cmdasp.asp, I was able to run pwdump2 and get the hashes. They are running
through a cracker as we speak. CmdAsp.asp seems to work really well.

As far as the \repair\sam._ file, I was unable to get this file to copy.
Everything I tried got access denied. However, it really doesn't matter as
I
succeeded in "getting the hashes" as required for this test.

Anyway, thanks for everyone's input on this. It was very helpful.

Allen Archer



----------------------------------------------------------------------------

This list is provided by the SecurityFocus Security Intelligence Alert
(SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/



----------------------------------------------------------------
The information transmitted is intended only for the person or entity to
which it is addressed and may contain confidential and/or privileged
material.  Any review, retransmission, dissemination or other use of, or
taking of any action in reliance upon, this information by persons or
entities other than the intended recipient is prohibited.   If you received
this in error, please contact the sender and delete the material from any
computer.


----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/

Next message: Paul Midian: "RE: sql injection - missed it at bh/defcon + follow on query."
Previous message: INA (V. Brahmanandam): "RE: besides "sa" who can run xp_cmdshell"
Maybe in reply to: Lists: "Pwdump2 with UNICODE?"
Next in thread: Penetration Testing: "Re: Pwdump2 with UNICODE?"
Reply: Penetration Testing: "Re: Pwdump2 with UNICODE?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Thu Aug 09 2001 - 15:53:58 PDT