|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Subject: Re: Regarding *.pwl files...
From: Damian Gerow (damian
ITACTICS.COM)Date: Thu Jun 01 2000 - 12:07:56 CDT
- Next message: Bernard, Norm: "Re: Windows 2000 and PGP"
- Previous message: Terrence Scahill: "Re: Winodws 95 login box"
- Maybe in reply to: Gene Gomez: "Regarding *.pwl files..."
- Next in thread: Gene Gomez: "Re: Regarding *.pwl files..."
- Next in thread: Ray Marron: "Re: Regarding *.pwl files..."
- Next in thread: Ray Marron: "Re: Winodws 95 login box"
- Maybe reply: Damian Gerow: "Re: Regarding *.pwl files..."
- Reply: Gene Gomez: "Re: Regarding *.pwl files..."
- Reply: David Rogers: "Re: Regarding *.pwl files..."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
If the Win98 local password is the same as the domain password, then
yes, the .pwl file does contain the domain password (as they're the
same). This tends to be the practice, as it is much easier because
Windows caches your password for you (Thanks, Bill!). There are
numerous .pwl file crackers on the internet. Search for one
(astalavista.box.sk is a good place to start).
Personally, you're running into a brick wall by moving everyone over to
Windows 2000. From what I've heard, it's a gigantic mess to have
everyone on it -- low product support, many bugs... If you've already
got a Win2k server, you're kinda screwed with NT.
Damian Gerow
Intellitactics, Inc.
- -----Original Message-----
From: Gene Gomez [mailto:ggomezVERANCE.COM]
Sent: Thursday, June 01, 2000 12:25 PM
To: FOCUS-MSSECURITYFOCUS.COM
Subject: Regarding *.pwl files...
Hey all,
Regarding the mentioned *.pwl files, does anyone know of a crack that
exists to exploit *.pwl files in order to gain access to the domain
passwords for the users of a Win9x machine? I'd expect that something
like l0phtcrack exists to attack those.
My concern is that my Windows 2000 machines and their authentication
mechanisms are safe (the BIOS specifies boot from C: drive, then has
setup password protection...a local attacker would have to crack open
the casing to get past the OS), but Windows 9x has ALWAYS made me
nervous. My company is very security-conscious, so if I could
demonstrate to them that we need to migrate the remaining Windows 98
users to Windows 2000, that would be a great boon to both my network and
personal feeling of security.
Thanks!
- -Gene
- -----Original Message-----
From: Focus on Microsoft Mailing List
[mailto:FOCUS-MSSECURITYFOCUS.COM]On Behalf Of Ray Marron
Sent: Wednesday, May 31, 2000 3:04 PM
To: FOCUS-MSSECURITYFOCUS.COM
Subject: Re: Winodws 95 login box
Correction: In my earlier reply to this thread, I mentioned *.pwd files
in the Windows directory. That should be *.pwl files, and the filename
will be the name of the associated user. Sorry!
Ray Marron
Network Administrator
Mitchell Sweet & Associates
raymmsamail.com
http://www.msasolutions.com
-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 6.5.3 for non-commercial use <http://www.pgp.com>
iQA/AwUBOTaYG/WPEBDMsfC4EQJ/pwCdEZyp6VOh/xf8l4Zq+u69Ld4nDQsAoNU8
ynapWOfcE5b1EM6VcFcgMCwG
=QzE+
-----END PGP SIGNATURE-----
- Next message: Bernard, Norm: "Re: Windows 2000 and PGP"
- Previous message: Terrence Scahill: "Re: Winodws 95 login box"
- Maybe in reply to: Gene Gomez: "Regarding *.pwl files..."
- Next in thread: Gene Gomez: "Re: Regarding *.pwl files..."
- Next in thread: Ray Marron: "Re: Regarding *.pwl files..."
- Next in thread: Ray Marron: "Re: Winodws 95 login box"
- Maybe reply: Damian Gerow: "Re: Regarding *.pwl files..."
- Reply: Gene Gomez: "Re: Regarding *.pwl files..."
- Reply: David Rogers: "Re: Regarding *.pwl files..."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]