OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
Subject: Regarding *.pwl files...
From: Gene Gomez (ggomezVERANCE.COM)
Date: Thu Jun 01 2000 - 11:24:30 CDT


Winodws 95 login boxHey all,
Regarding the mentioned *.pwl files, does anyone know of a crack that exists
to exploit *.pwl files in order to gain access to the domain passwords for
the users of a Win9x machine? I'd expect that something like l0phtcrack
exists to attack those.
My concern is that my Windows 2000 machines and their authentication
mechanisms are safe (the BIOS specifies boot from C: drive, then has setup
password protection...a local attacker would have to crack open the casing
to get past the OS), but Windows 9x has ALWAYS made me nervous. My company
is very security-conscious, so if I could demonstrate to them that we need
to migrate the remaining Windows 98 users to Windows 2000, that would be a
great boon to both my network and personal feeling of security.
Thanks!

-Gene
  -----Original Message-----
  From: Focus on Microsoft Mailing List
[mailto:FOCUS-MSSECURITYFOCUS.COM]On Behalf Of Ray Marron
  Sent: Wednesday, May 31, 2000 3:04 PM
  To: FOCUS-MSSECURITYFOCUS.COM
  Subject: Re: Winodws 95 login box

  Correction: In my earlier reply to this thread, I mentioned *.pwd files
in the Windows directory. That should be *.pwl files, and the filename will
be the name of the associated user. Sorry!

  Ray Marron
  Network Administrator
  Mitchell Sweet & Associates
  raymmsamail.com
  http://www.msasolutions.com