%systemroot%\system32\sethc.exe
Replace it with cmd.exe
Boot into Windows and press SHIFT five times. A Command Prompt with SYSTEM privileges will pop up (not tested).
---
Download DreamPackPL and replace %systemroot%\System32\sfcfiles.dll with the downloaded one (I'm not sure if it works with Windows XP, I only tested it in my W2K).
---
Download WinlogonHijack and run it from a service or anything else with SYSTEM privileges (I didn't test it yet, but the author claims it to work 100%). It'll log all passwords of logins to a file (but I don't know if it catches network passwords (i.e. domain passwords) too).
--- ---
Now I've got a question:
kickarse posted a link to a nice paper about NT's login. Now, does anybody have a link to a similar paper about W2K, XP or maybe even Vista?
Also I'd like to know if the passwords for domain logins are saved anywhere (cached or just temporarily in memory)? If so, it should be possible to save them anyhow. :twisted:
The L0phtcrack crew wrote a utility to catch these passwords in an NT network, it's called something like Blabla SMB ... maybe there's a new version available?
Let me know and thanks :D
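
A defender-side check for the first item in the post above, as an added example that is not part of the original post: it reports whether sethc.exe is byte-identical to a command shell. The function name `Test-StickyKeysBinary` is hypothetical, and comparing against powershell.exe in addition to cmd.exe is an assumption; it needs PowerShell 4 or later for `Get-FileHash`.

```powershell
# Added example (defensive check): is sethc.exe a copy of a command shell?
function Test-StickyKeysBinary {
    param(
        [string]$TargetPath,      # accessibility binary to verify
        [string[]]$ShellPaths     # binaries it must NOT be a copy of
    )
    $report = [ordered]@{
        Path         = $TargetPath
        Exists       = (Test-Path -LiteralPath $TargetPath)
        MatchesShell = $null
        Signature    = $null
        Suspicious   = $false
    }
    if (-not $report.Exists) {
        # A missing accessibility binary is itself worth investigating.
        $report.Suspicious = $true
        return [pscustomobject]$report
    }
    $targetHash = (Get-FileHash -LiteralPath $TargetPath -Algorithm SHA256).Hash
    foreach ($shell in $ShellPaths) {
        if (-not (Test-Path -LiteralPath $shell)) { continue }
        $shellHash = (Get-FileHash -LiteralPath $shell -Algorithm SHA256).Hash
        if ($shellHash -eq $targetHash) {
            $report.MatchesShell = $shell
            $report.Suspicious   = $true
        }
    }
    # Informational only: a copied cmd.exe is still a Microsoft-signed file,
    # so a Valid status does not clear the binary. The hash comparison is the check.
    $report.Signature = (Get-AuthenticodeSignature -LiteralPath $TargetPath).Status
    [pscustomobject]$report
}

$sys32 = Join-Path $env:SystemRoot 'System32'
Test-StickyKeysBinary -TargetPath (Join-Path $sys32 'sethc.exe') -ShellPaths @(
    (Join-Path $sys32 'cmd.exe'),
    (Join-Path $sys32 'WindowsPowerShell\v1.0\powershell.exe')   # assumed extra shell
)
```

A result with `Suspicious` set to `True` and `MatchesShell` pointing at cmd.exe corresponds to the replacement described in the post.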