jht129 Posted January 21, 2009 Share Posted January 21, 2009 Hello everyone, its been a while since I've last been on the site. Anyway, I just have question today: I was wondering how to grab all domain users login credentials. It's been a project I've been working on for some months now, but haven't gotten much of anywhere. Is it even possible to grab everyone's username and password at once? Or at least the hashes? If someone could help me out that would be great! Thanks. Quote Link to comment Share on other sites More sharing options...
Sparda Posted January 21, 2009 Share Posted January 21, 2009 Hello everyone, its been a while since I've last been on the site. Anyway, I just have question today: I was wondering how to grab all domain users login credentials. It's been a project I've been working on for some months now, but haven't gotten much of anywhere. Is it even possible to grab everyone's username and password at once? Or at least the hashes? If someone could help me out that would be great! Thanks. Wonder in to the server room, brake the lock on the front of the cabinet, boot Ubuntu, done. Quote Link to comment Share on other sites More sharing options...
jht129 Posted January 21, 2009 Author Share Posted January 21, 2009 I laughed when I read that. I was talking about remotely though. Any ideas? Quote Link to comment Share on other sites More sharing options...
Sparda Posted January 21, 2009 Share Posted January 21, 2009 I laughed when I read that. I was talking about remotely though. Any ideas? Social engineer an admin to get his password? Quote Link to comment Share on other sites More sharing options...
jht129 Posted January 21, 2009 Author Share Posted January 21, 2009 Dunno what that means, but any other ideas? I've tried using LC5 to retrieve hashes from the domain controller, but that only works for local accounts. Anything related to getting every user's login credentials? Quote Link to comment Share on other sites More sharing options...
Sparda Posted January 21, 2009 Share Posted January 21, 2009 Dunno what that means, but any other ideas? I've tried using LC5 to retrieve hashes from the domain controller, but that only works for local accounts. Anything related to getting every user's login credentials? If exchange is been used and you have access to it all user names are listed there usually. Quote Link to comment Share on other sites More sharing options...
jht129 Posted January 21, 2009 Author Share Posted January 21, 2009 Unfortunately exchange hasn't been used. Logically, there has to be a way to retrieve usernames and passwords remotely right? Quote Link to comment Share on other sites More sharing options...
Sparda Posted January 21, 2009 Share Posted January 21, 2009 Unfortunately exchange hasn't been used. Logically, there has to be a way to retrieve usernames and passwords remotely right? Logically the server is designed to never give this information away. That would be what is technically known in the IT profession as an ass backwards design. Quote Link to comment Share on other sites More sharing options...
jht129 Posted January 21, 2009 Author Share Posted January 21, 2009 Usernames or just passwords? Because I have been able to do usernames before. Quote Link to comment Share on other sites More sharing options...
Sparda Posted January 21, 2009 Share Posted January 21, 2009 Usernames or just passwords? Because I have been able to do usernames before. Both. Exchange offers usernames as a result of users been able to look up some ones email address from there real name. Quote Link to comment Share on other sites More sharing options...
jht129 Posted January 21, 2009 Author Share Posted January 21, 2009 Exchange hasn't been used though. But if the server isn't supposed to give away usernames OR passwords, then how come I've been able to retrieve all usernames? It only makes sense that there's a password option as well. Quote Link to comment Share on other sites More sharing options...
Sparda Posted January 21, 2009 Share Posted January 21, 2009 But if the server isn't supposed to give away usernames OR passwords, then how come I've been able to retrieve all usernames? It only makes sense that there's a password option as well. You are trying to be logical without the logic. Servers don't give up there passwords ever. This is to the point that the server doesn't know what the passwords are, just the hashes for them. If I ask you for your house keys you must logically give them to me becasue I asked for them, very logical. Quote Link to comment Share on other sites More sharing options...
DingleBerries Posted January 22, 2009 Share Posted January 22, 2009 Servers don't give up there passwords ever. This is to the point that the server doesn't know what the passwords are, just the hashes for them. Well configured servers Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.