Date: Fri, 02 Feb 2007 18:15:32 +0000 From: Hari Sekhon <hpsekhon@...glemail.com> To: john-users@...ts.openwall.com Subject: Re: Windows Domain Account Cracking Ok, googling I found pwdump2 which is supposed to be able to dump Windows AD domain accounts. I tried it on a spare domain controller. Unfortunately it just croaked and caused the lsass.exe process to crash and went to reboot automatically. I I aborted the shutdown but now the lsass proc is dead I can't actually shut down the server properly. hmmm. I think I had a similar experience that last time I tried this sort of thing about a year and a half ago at my previous job. The system process 'C:\WINDOWS\system32\lsass.exe' terminated unexpectedly with status code -1073741819. The system will now shut down and restart. I think it's possible that the Windows security upgrades that have been happening the last couple of years have broken this. I even tried disabling DEP for lsass but got the same result... Anybody know if there is a way for me to disable any protections temporarily to allow me to do this? Or another way of doing it possibly? Thanks Hari Sekhon Hari Sekhon wrote: > Hi, > I've used jtr for quite some time now and previously I have used > pwdump and cachedump on windows to get the hashes to crack. However, I > would like to do something a little grander this time to get all the > domain account/hashes dumped from my Windows 2003 Active Directory > domain. I have admin access to the domain controllers (not surprising > since I'm the primary admin of the domain) and expect I can probably > do this by running something similar to pwdump or cachedump. > > If I recall correctly, pwdump only works for local accounts and > cachedump only works for cached domain accounts. > So what I am looking for is a way of going to the domain controller, > running some command and have it dump all the accounts and their > hashes for auditing. > > Does anybody know of such a program/method to get the hashes? > > > Thanks > > -h > -- To unsubscribe, e-mail john-users-unsubscribe@...ts.openwall.com and reply to the automated confirmation request that will be sent to you.
Powered by blists - more mailing lists
Powered by Openwall GNU/*/Linux - Powered by OpenVZ