florindo.gallicchioESAVIO.COM

• Next message: Adassovsky Michel: "[PEN-TEST] Linux"
• Previous message: Bennett Todd: "Re: [PEN-TEST] Crusoe chip."
• Next in thread: Dunker, Noah: "Re: [PEN-TEST] Cracking a Stolen SAM"
• Reply: Dunker, Noah: "Re: [PEN-TEST] Cracking a Stolen SAM"
• Reply: Deus, Attonbitus: "Re: [PEN-TEST] Cracking a Stolen SAM"
• Reply: Gallicchio, Florindo (2007): "Re: [PEN-TEST] Cracking a Stolen SAM"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Friends:

I'm currently performing a penetration test, and I was able to access the
SAM file located in the WINNT/repair directory. Specifically, I exploited
the showcode.asp vulnerability to "see" the sam._ file in the \WINNT\repair
directory. I screen-scraped the relevant contents to a Notepad file, and
saved it.

Here's where I began to guess. First, I ran the file (I named it sam._)
through l0phtcrack and through the cracker on CyberCop, but it didn't take.
I then ran the file through the Windows "expand" command, and ran the
resulting file through the tools. Still nothing.

Here's where I'm stuck. I'm assuming that there are some funky control
characters in the screen-scrape file that I don't know about. I tried some
traffic analysis work on the file, but I quickly got a headache.

Can anyone please help? Thanks.

Florindo

________________________________________________
Florindo Gallicchio * Director, Security Services *
esävio * 15 Corporate Place South * 3rd Fl. *
Piscataway, NJ 08854 * 732.981.1991 x2007 *
florindo.gallicchioesavio.com
 * Adding Our Strength To Yours *

• Next message: Adassovsky Michel: "[PEN-TEST] Linux"
• Previous message: Bennett Todd: "Re: [PEN-TEST] Crusoe chip."
• Next in thread: Dunker, Noah: "Re: [PEN-TEST] Cracking a Stolen SAM"
• Reply: Dunker, Noah: "Re: [PEN-TEST] Cracking a Stolen SAM"
• Reply: Deus, Attonbitus: "Re: [PEN-TEST] Cracking a Stolen SAM"
• Reply: Gallicchio, Florindo (2007): "Re: [PEN-TEST] Cracking a Stolen SAM"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]