On Mon, Aug 14, 2000 at 05:22:01PM +0530, Rajesh Divakaran wrote:
> Hi,
> L0phtCrack will NOT allow access to the PDC/BDC registry if you are a normal user...
> only users with some privileges can access it.
> So it's not L0phtCrack.
Wrong answer...

If you are not FULLY patched up with ALL the latest service
packs (NT4.0 SP6 plus all the hotfixes), then there is always one of
the GetAdmin variants to boost your privilege on the NT box. Once
there, you can run L0phtCrack in sniffing mode. Again, if you are not
up to the latest service packs plus the hotfixes (I think SP4 is the
minimum here), then the latest L0phtCrack can sniff hashes right off
the wire and crack them. And if you have any Windows 95 boxes on that
net, they won't even be a speed bump.

There are lots and lots of ways to elevate your privileges on
an NT box. There are also some Linux boot disks running around which
will allow you to capture the local SAM and then crack it at your leisure.
Once you have local Admin, then either L0phtCrack or even something as simple
(and common) as a backup service with clear-text passwords in the registry
will begin to give you access between systems. We saw numerous systems
cracked using backup software! Once you have busted local admin, if you
have backup software with a common account password between systems, you can
often abuse the backup account into accessing the other systems. Sometimes
(if your admins REALLY haven't been paying attention) that can be the
PDC/BDC. Game over.

Does your system have a floppy drive that the system can boot from?
Does your system have a CD-ROM from which you can boot? Pick up a
copy of "Hacking Exposed" and look at the fun and games that can be had with
a CD-ROM with the autorun option. Have you turned off autorun on all your
systems? If not, he could have busted Admin just by walking up to a
system, with Administrator logged in and screen locked, and inserting an
autorun CD.

Then we have some of the classics. Do any of your people like
the cutesy cards and games people pass around in e-mail? The kiddies
have this little toy called cellophane. Take one executable greeting
card plus Back Orifice 2000 (bo2k), wrap them together with
cellophane, and e-mail them to your favorite chump^H^H^H^H^Hnetwork
administrator. When he runs it, he sees a cute greeting card (or game)
and has instantly compromised his system without knowing it. You now
own him.

Sooo... Are you FULLY up to date at SP6 with ALL the hotfixes?
Have you protected yourself against floppy boots? Have you protected
yourself against CD-ROM boots? Have you protected yourself against
autorun from CD? Have you disabled all execution of active content
attachments from e-mail and from the Web, including executables, Java,
JavaScript, Word files, Excel files (these are really preemo), and others?
Have you got the latest patches to IE, Word, Excel, and Access?

If you answered no to ANY of the above... You can be had. And
the ways are too numerous to count.

> Rgds
> Rajesh
>
> J wrote:
>
> > L0phtCrack can do it, given 24 hrs and the rights to the box.
> >
> > ----- Original Message -----
> > From: "BY" <[EMAIL PROTECTED]>
> > To: "NT 2000 Discussions" <[EMAIL PROTECTED]>;
> > <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
> > Sent: Saturday, August 26, 2000 5:54 AM
> > Subject: Administrator's password has been discovered by non-privileged
> > user !
> >
> > > Hi there,
> > >
> > > I find this really very annoying. The user has only a common domain user
> > > privilege and does not even have power user privileges. How does he find out
> > > the local administrator's and even the domain account administrator's password?
> > > I just hope he is lying to us. Can't really tell with his cheeky face
> > > though.
> > >
> > > I am surprised that there is a hacking tool that can explore anyone's
> > > password with just a common domain user's privilege account? Can
> > > somebody say what the possible hacking tools he is using would be?
> > >
> > > A Big Thank You !
> > >
> > > BY
Mike
--
Michael H. Warfield | (770) 985-6132 | [EMAIL PROTECTED]
(The Mad Wizard) | (678) 463-0932 | http://www.wittsend.com/mhw/
NIC whois: MHW9 | An optimist believes we live in the best of all
PGP Key: 0xDF1DD471 | possible worlds. A pessimist is sure of it!
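Two items on the checklist above (autorun and patch currency) can be audited from a script on a current Windows host. The following is an added example and is not part of the original thread; it assumes PowerShell 5 or later with `Get-HotFix` available, and uses the documented `NoDriveTypeAutoRun` policy value (0xFF disables AutoRun on every drive type).

```powershell
# Added example (not from the thread): audit the autorun and patch-level items on a
# modern Windows host. Assumes PowerShell 5+ and the standard Explorer policy keys.

function Test-AutoRunDisabled {
    # NoDriveTypeAutoRun is a bit mask of drive types; 0xFF covers all of them.
    $paths = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
    )
    foreach ($p in $paths) {
        $v = (Get-ItemProperty -Path $p -Name NoDriveTypeAutoRun `
              -ErrorAction SilentlyContinue).NoDriveTypeAutoRun
        if ($null -ne $v -and ($v -band 0xFF) -eq 0xFF) { return $true }
    }
    return $false
}

function Get-PatchAgeDays {
    # Days since the most recently installed hotfix; $null if none are recorded.
    $latest = Get-HotFix |
        Where-Object { $_.InstalledOn } |
        Sort-Object InstalledOn -Descending |
        Select-Object -First 1
    if (-not $latest) { return $null }
    return (New-TimeSpan -Start $latest.InstalledOn -End (Get-Date)).Days
}

function Disable-AutoRun {
    # Remediation for the autorun item; needs an elevated shell to write HKLM.
    $p = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
    if (-not (Test-Path $p)) { New-Item -Path $p -Force | Out-Null }
    Set-ItemProperty -Path $p -Name NoDriveTypeAutoRun -Type DWord -Value 0xFF
}

$autorun = Test-AutoRunDisabled
$age     = Get-PatchAgeDays
"AutoRun disabled on all drive types : $autorun"
"Days since last hotfix install      : $age"
if (-not $autorun) {
    Write-Warning 'AutoRun still enabled; run Disable-AutoRun from an elevated prompt.'
}
if ($null -eq $age -or $age -gt 30) {
    Write-Warning 'Patch level looks stale; review Windows Update / WSUS status.'
}
```

Boot-order protection (floppy and CD-ROM boot) lives in firmware settings and cannot be checked from the OS this way; that item still needs a physical or management-console review.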
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]