heron heron wrote:

> Is there a possibility on a Windows 2000 computer (physical access is possible)
> to attain admin rights without overwriting the admin account? Background: I
> would like to try to crack the password of the local admin (e.g. by means of pwdump
> and John). There is the possibility that all admin passwords (also for the
> domain) are alike.

Get a copy of Hacking Exposed Windows 2000, and study it, if you haven't already.

Don't get stuck on getting admin rights, if user rights will do. If the network happens to be switched, it may prove better to break into and reconfigure a switch to give you all traffic for sniffing than to do ARP spoofing. Look for the easy ways first. It may be that you don't have to do anything beyond cracking a user account, mounting a local share using those credentials, and then trying pwdump3/L0phtCrack. If the system isn't well configured, you've won already. Or it may be that personal web server is the way to do it. Or that the AD is wide open.

Unless you have a *good* password dictionary, plan for a week of cracking time, if you can. (Ordinary dictionaries are seldom useful for password cracking -- generating specialized dictionaries is often better.) L0phtCrack is still hopeless for serious dictionary attacks (unless it changed since LC4 was released) -- try John the Ripper instead: at least you can script an attack starting from small dictionaries and simple guesses to larger dictionaries and more complex guesses, interleaved with incremental mode guessing.

> A further possibility to come to information would be the employment of an
> SMB proxy. By ARP spoofing it would nevertheless be theoretically possible to
> intercept the LM/NTLM (v1/v2) authentication. Then the attacker could
> announce itself to the server instead. Is there already such a tool?

You are temporarily given the right to break into a network. What responsibility goes with that right? Is there anything that *must*not*happen*? (such as people panicking because they have found an intruder in their system?) Make sure you know before you start. If DoS is a no-no, be careful with attacks that may disrupt network traffic -- make sure you know them well before you deploy them. Show time may not be a good time to test out new and unfamiliar tools.

--
Anders Thulin   anders.thulinat_private   040-661 50 63
Ki Consulting AB, Box 85, SE-201 20 Malmö, Sweden
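The staged attack Anders recommends (simple guesses over a small, site-specific word list first, then progressively more expensive mangling) against pwdump-style output, as an added Python example that is not part of the original thread and not code from John the Ripper, pwdump or L0phtCrack. It computes NT hashes itself (MD4 over the UTF-16LE password, per RFC 1320, so that it runs with only the standard library), parses `user:rid:LMhash:NThash:::` lines, flags accounts that share an NT hash (heron's "all admin passwords alike" case needs no cracking at all, since NT hashes are unsalted), and then runs three stages of guesses from cheap to costly. The sample dump, the account names, their passwords and the seed words are constructed for the example; the Administrator line is the well-known vector for the password "password", the other hashes are generated in the block from invented passwords. LM hashes are left alone here.

```python
import struct

# --- MD4 (RFC 1320), written out so the example needs nothing outside the stdlib ---
MASK = 0xFFFFFFFF


def _rotl(x, n):
    return ((x << n) | (x >> (32 - n))) & MASK


def _md4_block(state, block):
    X = struct.unpack("<16I", block)
    a, b, c, d = state
    F = lambda x, y, z: (x & y) | (~x & z)
    G = lambda x, y, z: (x & y) | (x & z) | (y & z)
    H = lambda x, y, z: x ^ y ^ z
    rounds = (
        (F, 0x00000000, range(16), (3, 7, 11, 19)),
        (G, 0x5A827999, (0, 4, 8, 12, 1, 5, 9, 13, 2, 6, 10, 14, 3, 7, 11, 15), (3, 5, 9, 13)),
        (H, 0x6ED9EBA1, (0, 8, 4, 12, 2, 10, 6, 14, 1, 9, 5, 13, 3, 11, 7, 15), (3, 9, 11, 15)),
    )
    for fn, k, order, shifts in rounds:
        for i, idx in enumerate(order):
            a = _rotl((a + fn(b, c, d) + X[idx] + k) & MASK, shifts[i % 4])
            a, b, c, d = d, a, b, c  # rotate so the next step updates the next register
    return [(s + v) & MASK for s, v in zip(state, (a, b, c, d))]


def md4(data):
    state = [0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476]
    bit_len = len(data) * 8
    data += b"\x80" + b"\x00" * ((55 - len(data)) % 64) + struct.pack("<Q", bit_len)
    for off in range(0, len(data), 64):
        state = _md4_block(state, data[off:off + 64])
    return struct.pack("<4I", *state)


def nt_hash(password):
    """NT hash as stored in the SAM and shown by pwdump: unsalted MD4 of the UTF-16LE password."""
    return md4(password.encode("utf-16-le")).hex().upper()


def parse_pwdump(text):
    """Parse pwdump-style lines 'user:rid:LMhash:NThash:::' into (user, NT hash) pairs."""
    entries = []
    for line in text.splitlines():
        parts = line.strip().split(":")
        if len(parts) >= 4 and parts[0]:
            entries.append((parts[0], parts[3].upper()))
    return entries


def shared_passwords(entries):
    """Accounts with identical NT hashes share a password; NT hashes are unsalted, so no cracking needed."""
    groups = {}
    for user, h in entries:
        groups.setdefault(h, []).append(user)
    return [users for users in groups.values() if len(users) > 1]


# --- guess generation, ordered from cheapest to most expensive (all rules are constructed here) ---
def stage_plain(word):
    yield word
    yield word.lower()
    yield word.capitalize()


def stage_suffix(word):
    for base in (word, word.capitalize()):
        for n in range(10):
            yield base + str(n)
        for year in range(1998, 2004):
            yield base + str(year)
            yield base + str(year)[2:]


LEET = str.maketrans("aeios", "43105")


def stage_leet(word):
    for base in (word, word.capitalize()):
        leet = base.translate(LEET)
        yield leet
        for year in range(1998, 2004):
            yield leet + str(year)


STAGES = [("plain", stage_plain), ("suffix", stage_suffix), ("leet", stage_leet)]


def crack(entries, seeds, stages=STAGES):
    """Run every seed through stage 1 against all unsolved hashes, then stage 2, and so on."""
    targets = {}
    for user, h in entries:
        targets.setdefault(h, []).append(user)
    found = {}
    for name, rule in stages:
        for seed in seeds:
            for candidate in rule(seed):
                users = targets.pop(nt_hash(candidate), None)
                if users:
                    for user in users:
                        found[user] = (candidate, name)
        if not targets:
            break
    return found


# --- constructed sample dump (not a real system) ---
EMPTY_LM = "AAD3B435B51404EEAAD3B435B51404EE"  # LM field when no LM hash is stored


def build_sample_dump():
    lines = [
        # Well-known vector: LM and NT hashes of the password "password".
        "Administrator:500:E52CAC67419A9A224A3B108F3FA6CB6D:8846F7EAEE8FB117AD06BDD830B7586C:::",
    ]
    # Invented accounts; their NT hashes are generated from invented passwords.
    for user, rid, pw in (("svc_backup", 1010, "Backup2003"),
                          ("jdoe", 1011, "Backup2003"),
                          ("adm_local", 1012, "Acm3")):
        lines.append(f"{user}:{rid}:{EMPTY_LM}:{nt_hash(pw)}:::")
    return "\n".join(lines)


SAMPLE_PWDUMP = build_sample_dump()
SEEDS = ["password", "backup", "acme", "malmo"]  # site-specific seed words (constructed)

if __name__ == "__main__":
    entries = parse_pwdump(SAMPLE_PWDUMP)
    for users in shared_passwords(entries):
        print("same NT hash, same password:", ", ".join(users))
    for user, (pw, stage) in crack(entries, SEEDS).items():
        print(f"{user:14} {pw!r:16} found in stage {stage}")
```

The point of the stage ordering is the one made in the post: every seed is exhausted at the cheap level before any seed is tried at the expensive level, so a dump with a weak password anywhere falls quickly instead of waiting behind a long rule set for the first account. With John the Ripper the same shape is a sequence of `--wordlist` runs with successively larger word lists and rule sets, with `--incremental` runs in between, all against the same pwdump file.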
This archive was generated by hypermail 2b30 : Tue May 27 2003 - 09:07:32 PDT