By request. This message was posted yesterday to NTbugtraq and bugtraq.

Erik Hjelmstad

-----Original Message-----
From: Windows NTBugtraq Mailing List
[mailto:NTBUGTRAQLISTSERV.NTBUGTRAQ.COM]On Behalf Of ehjelmstad
Sent: Monday, January 22, 2001 12:09 PM
To: NTBUGTRAQLISTSERV.NTBUGTRAQ.COM
Subject: Announcing pwdump3

e-business technology would like to announce the release of pwdump3, a
Windows NT/2000 remote password hash grabber.

pwdump3 combines the functionality of pwdump by Jeremy Allison and
pwdump2 by Todd Sabin. It can extract the password hashes from a remote
Windows NT 4.0 or 2000 box whether or not syskey has been installed. It
does this by injecting a process onto the remote system, extracting the
hashes, then copying the hashes back to the local system. Using this
tool, a system administrator can check on the strength of the passwords
on his system.

Please note: pwdump3 does not exploit a new vulerability; it utilizes
existing Windows communications capabilities. To use the program
successfully, one must supply a username and password that has
administrative-level privileges on the remote system.

This program was written by Phil Staubs and has been released under the
GNU GPL.

To download pwdump3, go to http://www.ebiz-tech.com and click on the
"Download pwdump3" banner toward the bottom of the page.

NOTE: Officially, this is an unsupported product of e-business
technology. However, we are interested in receiving your feedback.
Please direct any comments, questions, etc to pwdump3ebiz-tech.com.

Erik Hjelmstad
ehjelmstadebiz-tech.com

_____________________________________________________________________
** TO UNSUBSCRIBE, send the command "UNSUBSCRIBE win2ksecadvice"
** FOR A WEEKLY DIGEST, send the command "SET win2ksecadvice DIGEST"
SEND ALL COMMANDS TO: listservlistserv.ntsecurity.net

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]