Date: Tue, 24 May 2005 14:04:08 -0400
From: Erik Winkler <>
Subject: Re: *.chr files

Actually, admin rights are not always required.  During many  
sanctioned pen tests, I have discovered poorly configured SQL servers  
with blank "sa" passwords and I have used pwdump2 through the  
xp_cmdshell stored procedure.  This is with privileges
NT Authority\System.  Most buffer overflows that result in remote shells have
this type of access as well, which is all you need to dump the  
password hashes.


On May 24, 2005, at 2:06 AM, Simon Marechal wrote:

> Solar Designer wrote:
>> So the point of enforcing strong Windows passwords is moot.  Perhaps
>> it may still be worthwhile to do this to deal with those cases where
>> an attacker would possess other than LM hashes of the same passwords.
> An attacker has to be admin first to dump the passwords. Good  
> passwords will slow him down. And it is possible to disable the  
> storage of NT passwords if you do not need backward compatibility ...
