You can never fully secure a machine locally unless you remove all the drives, pad lock it up, put it in a sealed room with motion sensors in there.
Cracking the SAM file will only give you passwords locally. That is they will give you full access to the machine but not the network. This topic is far to deep to start looking into all the different methods of elievting privilidges, but if all you want is the local admin rights the SAM will provide you with that. The repair file could be old or may not contain the info you require.....as I said, you are lucky to be able to get what you want from there...however, I have done this a few times before when auditing some places so it shows that some admins don't take care when backing up The SAM in /WINNT/system32/config will contain the local passwords. However, if the machine is Win2K SP2 it will become much more difficult due to a few extra security measures microsoft introduced. A bit of research will reveal all. There are many other ways.....you can extract from the registry, you can set up sniffers capturing encripted logon packets...you can set up holes via scripts to run on an unsuspecting admin. You can expoloit current software running on the machine and spawn root shells from there....the list goes on and on and is changing everyday. I can't tell how to break into a particular system, they are all different...I can guide you towards the right way of thinking, and material to read up on. Gedi *apologies chris, the reply was acidentally sent to you instead of the list* --- Chris Berry <[EMAIL PROTECTED]> wrote: > >From: > > Haven't heard of this one before. I have a SAM file > in C:\winnt\repair but > the permissions look ok, pretty much only the admin > can get in there. I > read a few NT webpages that say the solution to this > security hole is to > change the permissions. Does this mean I'm safe > after all, or do I have a > vulnerability here? (I'm using win2k) > > Chris Berry > [EMAIL PROTECTED] > Systems Administrator > JM Associates > > "For Sys Admins paranoia isn't a mental health > problem, its a marketable job > skill." > > __________________________________________________ Do You Yahoo!? Everything you'll ever need on one web page from News and Sport to Email and Music Charts http://uk.my.yahoo.com
