Products Openwall GNU/*/Linux   server OS John the Ripper   password cracker Free & Open Source for any platform Pro for Linux (RPM package) Pro for Mac OS X (dmg package) Wordlists   for password cracking passwdqc   policy enforcement phpass   password hashing in PHP crypt_blowfish   ditto in C/C++ tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login Services Publications Articles Presentations Community Mailing lists Community wiki Donations Resources Source code repository (CVSweb) File archive & mirrors How to verify digital signatures Password recovery resources Recommended books What's new

Date: Fri, 02 Feb 2007 18:15:32 +0000
From: Hari Sekhon <hpsekhon@...glemail.com>
To:  john-users@...ts.openwall.com
Subject: Re: Windows Domain Account Cracking

Ok, googling I found pwdump2 which is supposed to be able to dump 
Windows AD domain accounts. I tried it on a spare domain controller. 
Unfortunately it just croaked and caused the lsass.exe process to crash 
and went to reboot automatically. I  I aborted the shutdown but now the 
lsass proc is dead I can't actually shut down the server properly. hmmm. 
I think I had a similar experience that last time I tried this sort of 
thing about a year and a half ago at my previous job.


The system process 'C:\WINDOWS\system32\lsass.exe' terminated 
unexpectedly with status code -1073741819.  The system will now shut 
down and restart.


I think it's possible that the Windows security upgrades that have been 
happening the last couple of years have broken this. I even tried 
disabling DEP for lsass but got the same result...

Anybody know if there is a way for me to disable any protections 
temporarily to allow me to do this?

Or another way of doing it possibly?


Thanks

Hari Sekhon



Hari Sekhon wrote:
> Hi,
>   I've used jtr for quite some time now and previously I have used 
> pwdump and cachedump on windows to get the hashes to crack. However, I 
> would like to do something a little grander this time to get all the 
> domain account/hashes dumped from my Windows 2003 Active Directory 
> domain. I have admin access to the domain controllers (not surprising 
> since I'm the primary admin of the domain) and expect I can probably 
> do this by running something similar to pwdump or cachedump.
>
> If I recall correctly, pwdump only works for local accounts and 
> cachedump only works for cached domain accounts.
> So what I am looking for is a way of going to the domain controller, 
> running some command and have it dump all the accounts and their 
> hashes for auditing.
>
> Does anybody know of such a program/method to get the hashes?
>
>
> Thanks
>
> -h
>

-- 
To unsubscribe, e-mail john-users-unsubscribe@...ts.openwall.com and reply
to the automated confirmation request that will be sent to you.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux - Powered by OpenVZ