Chris Mawer wrote:

> My win2k box shows that three user-accounts on my windows 2000 machine
> report as being *empty*, <8 and 2 of the three share a NULL password LM
> Hash of AAD3B435B51404EEAAD3B435B51404EE.

> The Administrator account is most definitely not NULL,

   Isn't the system simply configured not to store the LM hashes, but
rather the NTLM hashes only? Is there a

        HKLM\SYSTEM\CurrentControlSet\Control\Lsa\NoLmHash

key set in the registry? That disables the storage of LM hashes -- and
the best way to use it is to set passwords to something noone would
use as passwords (say something prevented by password policy, like empty
passwords, or very short ones), then disable LM hash storage by setting
this key, and then set the new passwords. That would produce the situation
you have, if I have understood it correctly.

> accounts are not guest users. Attempting login with null password is
> denied for all three accounts. LC3 is being run on the local machine.

   You don't say how you ran LC3 -- did you try to crack only the LM
hash, or both?

-- 
Anders Thulin   anders.thulinkiconsulting.se   040-661 50 63	
Ki Consulting AB, Box 85, SE-201 20 Malmö, Sweden

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]