Are you sure you attached to the servers as a user with admin rights.
-----Original Message-----
From: Mike Shaw [mailto:mshawwwisp.com]
Sent: Monday, December 17, 2001 4:02 PM
To: focus-mssecurityfocus.com
Subject: question regarding SAM file / l0phtcrack / pwdump2

I'm currently in a quandry over a password audit.

The servers are all win2k.

I tried running pwdump2 and pwdump3. They both stop at the blinking cursor
and never report anything back (waited 1.5 hours). After that, the server
becomes unstable after awhile and a reboot is required (which needless to
say made the admin very happy). This happens on workstations too. The
only common thread is norton anti-virus. Anyone else observed this?

I can boot to dos and snag the SAM file, but it seems very old. When I
actually extracted the info it was only the local account info--not domain.
I assume that Active Directory user information is stored differently even
on a PDC?

I've also sniffed the hashes, but this proves way to time consuming. The
double whammy here is when they ask why they have to have secure passwords
when the system seems impervious to the common pw dumping tools.

Has anyone else run into this issue? If so what did you do to get around
it?

-Mike

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]