If you are using switches, perhaps they are high-end enough to allow
port-mirroring. That way you can sniff/monitor specific port traffic.
Your script kiddie reference bothers me. Script kiddies are those that do
not understand what they are doing and are simply using scripts or
precompiled programs that will give them a specific end-result.
To say that method ITSELF is "none too clever" is a very bogus statement -
and is usually the result of a legitimate admin's work.
-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of Carric Dooley
Sent: Monday, August 28, 2000 11:07 AM
To: BY
Cc: NT 2000 Discussions; [EMAIL PROTECTED];
[EMAIL PROTECTED]
Subject: Re: [FW1] Administrator's password has been discovered by
non-priviledged user !
Hmmm.. a bunch of ways to do it;
1. boot up on a floppy running ntfsdos driver, copy over sam_ and crack
it with l0pht (if you bother to use NTFS... you can skip ntfsdos if you
use FAT).
2. Use linux boot disk
3. boot up off floppy and overwrite SAM_ with a default copy with no
password for admin.
4. use l0pht's smbsniffer to pull the hashes off the wire (if you are not
useing switches) and then crack that.
etc., etc.
This is just a few of the methods (and some of the more "script kidddy"
methods aswell.. none of it is too clever) to bypass MS models.
Carric Dooley CNE
COM2:Interactive Media
http://www.com2usa.com
"But this one goes to eleven."
-- Nigel Tufnel
On Sat, 26 Aug 2000, BY wrote:
>
> Hi there,
>
> I find this is really very annoying. The user with only a common domain
user
> priviledge who has no even power user priviledged. How does he find out
the
> local administrator's and even the domain account administrator's password
?
> I just hope he is lying to us. Cant really tell with his cheaky face
though.
>
> I am surprised that there is a hacking tool that can explore anyone's
> password with just a common domain user's priviledge account ? Can
somebody
> what would the possible hacking tools he is using ?
>
> A Big Thank You !
>
> BY
>
>
>
>
============================================================================
====
> To unsubscribe from this mailing list, please see the instructions at
> http://www.checkpoint.com/services/mailing.html
>
============================================================================
====
>
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
