Jump to content



Recommended Posts

Hi pros, I recently got a Lan Turtle for doing a pentest against my network. My  purpose is to be able to remotely login to my network and be able to access the user database to see all usernames and passwords. I am not quite sure of which exploit to use in achieving this. Any help please.

Link to comment
Share on other sites

What precisely do you mean by "user database"?  Are you talking about recovering password hashes for users from Windows machines?  Linux?  Mac OS X?  Or from an actual database?

To get password hashes for the OS, you have to have Administrator (Windows) or root (Linux / Mac OS X) permissions.  Windows password hashes reside in the Security Account Manager file (SAM file... and that is its name), or /etc/shadow on Linux / Mac OS X.

Which exploit you will use to get Administrator or root will depend on a huge number of factors, including:

  1. How well is the system defended?
  2. How strong are the passwords?
  3. What services / ports are active and listening?
  4. Are any applications running as NT Authority\SYSTEM or root?
  5. Is anyone dumb enough to tell you their credentials over the phone, in response to an email, or on a fake credential-harvesting web site?
Link to comment
Share on other sites


This topic is now archived and is closed to further replies.

  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Create New...