Message-Id: <4FCAC10B-ADB7-4ED7-817C-FDB51E5684B4@erols.com>
Date: Tue, 24 May 2005 14:04:08 -0400
From: Erik Winkler <ewinkler@...ls.com>
To: john-users@...ts.openwall.com
Subject: Re: *.chr files
Actually, admin rights are not always required. During many
sanctioned pen tests, I have discovered poorly configured SQL servers
with blank "sa" passwords and I have used pwdump2 through the
xp_cmdshell stored procedure. This is with privileges NT Authority\System.
Most buffer overflows that result in remote shells have
this type of access as well, which is all you need to dump the
password hashes.
Erik
On May 24, 2005, at 2:06 AM, Simon Marechal wrote:
> Solar Designer wrote:
>
>> So the point of enforcing strong Windows passwords is moot. Perhaps
>> it may still be worthwhile to do this to deal with those cases where
>> an attacker would possess other than LM hashes of the same passwords.
>>
>
> An attacker has to be admin first to dump the passwords. Good
> passwords will slow him down. And it is possible to disable the
> storage of NT passwords if you do not need backward compatibility ...
>