Date: Tue, 24 May 2005 14:04:08 -0400
From: Erik Winkler <ewinkler@...ls.com>
To: john-users@...ts.openwall.com
Subject: Re: *.chr files

Actually, admin rights are not always required. During many sanctioned pen tests, I have discovered poorly configured SQL servers with blank "sa" passwords and I have used pwdump2 through the xp_cmdshell stored procedure. This is with privileges NT Authority \System. Most buffer overflows that result in remote shells have this type of access as well, which is all you need to dump the password hashes.

Erik

On May 24, 2005, at 2:06 AM, Simon Marechal wrote:

> Solar Designer wrote:
>
>> So the point of enforcing strong Windows passwords is moot. Perhaps
>> it may still be worthwhile to do this to deal with those cases where
>> an attacker would possess other than LM hashes of the same passwords.
>>
>
> An attacker has to be admin first to dump the passwords. Good
> passwords will slow him down. And it is possible to disable the
> storage of NT passwords if you do not need backward compatibility ...