Hi

Thank You for the files and advice however nothing worked.
1. the SAM file cannot be read on the target (access denied) with the
rights gained through unicode
2. backdoors are not a choice, since they run with the rights of the above
mentioned unicode
3. HK doesn't work under win2k (it produced permission denied message)
win2k never has been vulnarable to spoofed LPC port requests
4. autorun.inf didn't execute on mapping the directory (maybe some trick
is needed)
5. AT command returns access denied

to Dave:
it is interesting what you wrote, but i would like to ask You to go into
details about the All_users startup

> You could do this with a "Shell Folder" vulnerability, and others...

Could you tell more info about this bug?

> > 2) Brute force attack against accounts with local Administrator
> > privilege.

Does anyone knows any password brute forcer that works without accessing
the SAM file?

We are still eager to hear further ideas on this issue since nothing that
we tried worked yet.

. .. _ _________________________________________________________ _ .. .
Foldi Tamas - We Are The Hashmar In The Rootshell - Security Consultant
       crowlinuxfreak.com / crowkapu.hu / (+36 30) 221-74-77

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]