Date: Tue, 24 May 2005 14:04:08 -0400
From: Erik Winkler <ewinkler@...ls.com>
To: john-users@...ts.openwall.com
Subject: Re: *.chr files

Actually, admin rights are not always required.  During many  
sanctioned pen tests, I have discovered poorly configured SQL servers  
with blank "sa" passwords and I have used pwdump2 through the  
xp_cmdshell stored procedure.  This is with privileges
NT Authority\System.  Most buffer overflows that result in remote shells have
this type of access as well, which is all you need to dump the  
password hashes.

Erik

On May 24, 2005, at 2:06 AM, Simon Marechal wrote:

> Solar Designer wrote:
>
>> So the point of enforcing strong Windows passwords is moot.  Perhaps
>> it may still be worthwhile to do this to deal with those cases where
>> an attacker would possess other than LM hashes of the same passwords.
>>
>
> An attacker has to be admin first to dump the passwords. Good  
> passwords will slow him down. And it is possible to disable the  
> storage of NT passwords if you do not need backward compatibility ...
>

