Hey,

I am aware that in the UK at least, Ministry of Defence (MOD) and other government systems holding classified or restricted data often run NTSE (NT Secure Edition), which apparently is a government build of NT that doesn't use the standard SAM cryptographic format, and has been quoted as 'not vulnerable to L0phtCrack attacks' as the RC4-based stuff is. I can't find any reference to the CESG (UK government Communications and Electronic Security Group) NTSE build details on the web, so can't dig up any supporting evidence right now.

Are these government or corporate systems that are supposed to be hardened in this fashion? If not, have you tried using the pwdump3.exe command-line tool to extract the hashes into an ASCII text file, then transport them?

Regards,

Chris

-----Original Message-----
From: flexicon33at_private [mailto:flexicon33at_private]
Sent: Wednesday, April 16, 2003 2:25 PM
To: pen-testat_private
Subject: LC4 (L0phtCrack) error "Couldn't open SAM\Domains\Account\Users in SAM file. Possibly improper format."

Hi,

I'm trying to import some SAM files into LC4, and for some reason LC4 doesn't like the format. I get the above error for any of 5 SAM files I'm trying.

For a pen test, I got these SAM files by sending a 'tftp put' command to the SQL server (had no 'sa' password) so the SAM files were sent to my tftp server. There were 5 of these servers, so I got 5 SAM files to try. LC4 doesn't like any of them.

However, LC4 works for other SAM files... I tested with my own SAM file (w2k) and also another I downloaded from a machine via an http exploit... LC4 had no problems opening those 2 and working on them.

Why does LC4 complain about these other SAM files? Does some other SAM format exist or did they get mangled somehow?

Thanks...

Flexicon33, CISSP

Chris McNab
Technical Director
Matta Security Limited
18 Noel Street
London W1F 8GN
Tel: 0870 077 1100
Mob: 0788 626 0878
This archive was generated by hypermail 2b30 : Thu Apr 17 2003 - 12:39:54 PDT