problem with PwDump


fretmelter66

I plugged it (USB drive) in and ran pwdump. It made a log, and the password portion says this:

Administrator:500:8602074632C936F7AAD3B435B51404EE:198190DCB6760B501B178A51C69FC35C:::

AutodeskVault:1024:NO PASSWORD*********************:0B7D0A38EA9FEC61B0FC1BF0ED751DC5:::

(CENSORED)i:1005:NO PASSWORD*********************:NO PASSWORD*********************:::

Guest:501:NO PASSWORD*********************:NO PASSWORD*********************:::

HelpAssistant:1004:9B2A55969DA4BD234BF0153EB1502361:B4F5447107CC5F7D77EC0F49BB9E96E0:::

SophosSAUPLTWPERFET1:1025:C484BEA44F4906A0AB70F63946FD1432:3A3CEBDE92ED5FB91919F22AEA461DF8:::

SUPPORT_388945a0:1002:NO PASSWORD*********************:F7BBC74EC99BF11963C4D5FFBFD9D373:::

Completed.

Now I know there is a password, so why is it saying that?

The PC did have administrative privileges.

The censored part was the person logged on.

I'm using the pwdump from GONZOR's payload.


How do you figure you didn't have administrative rights? You have valid PWDUMP with the local administrator hash. PWdump only dumps hashes for the local accounts since it's being run locally. That user is managed by a domain controller so it will not have a hash in Pwdump, that's what cachedump is for. If you want domain info you have to run it against a domain controller using a domain admin account, something you're not likely to get.


The real question is, what do you want to do with it?

You can crack the admin password by going to plain-text info and entering the line after administrator. If you ran the password stealer (the other ones) you may have some passwords to look through. What were you trying to achieve by running the payload?

(By the way, I know that it is possible to set pwdump/fgdump to run against the domain admin from the admin account, but don't try it. Two reasons: first, as beakmyn said, it won't return anything because the program needs the current user to be domain admin; second, because it'll set off alarm bells in whatever organization you are performing a penetration and securities test on behalf of.)

If you wish to attempt to get some of the local users' passwords, the next step is to run a man-in-the-middle attack. To do this you would have to crack the admin password and log on as admin locally (remember that the domain doesn't have an admin account going by that password; in Windows you'll have to change the login to local computer by clicking options in the old login mode, google on how to get there). Then you can install a tool like ettercap or Cain and Abel and set it up to sniff the network. (I know there are other ways, but this is the next progression given what he has gotten already.)

If you need more help you can email or IM or PM me or post here. (If this post looks too much like instructions on hacking your school, mods feel free to delete offending parts and just leave a line saying he's welcome to ask.)


OK, so what you're saying is that the bunch of numbers I got are encrypted and need to be decrypted?

Yes, read about Windows' SAM file for details.

Is that a HASH?

Yes, a LAN Manager (LM) hash to be exact. Windows by default stores passwords in LM hashes.

So I can use something like rainbow tables to crack it, right?

Yes, I'd recommend using Ophcrack with 733 MB tables.
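
Added example, not part of the original thread: a defender-side audit of pwdump-format output (user:RID:LM:NT:::) that flags accounts still storing an LM hash, the weakness discussed in the reply above, and that rejoins records wrapped mid-hash as in the first post. The sample records and hash values are constructed, and `join_wrapped` and `audit` are names chosen for this example.

```python
import re

HEX32 = re.compile(r"^[0-9A-F]{32}$")
EMPTY_LM_HALF = "AAD3B435B51404EE"             # LM hash of an empty 7-char half
EMPTY_NT = "31D6CFE0D16AE931B73C59D7E0C089C0"  # NT hash of the empty string

# Constructed sample in pwdump layout; names and hash values are made up.
SAMPLE = """\
alice:1001:0123456789ABCDEFAAD3B435B51404EE:00112233445566778899AABBCCDD
EEFF:::
bob:1002:NO PASSWORD*********************:FFEEDDCCBBAA99887766554433221100:::
carol:1003:0123456789ABCDEF0123456789ABCDEF:00112233445566778899AABBCCDDEEFF:::
dave:1004:NO PASSWORD*********************:31D6CFE0D16AE931B73C59D7E0C089C0:::
Completed.
"""

def join_wrapped(text):
    """Rejoin records wrapped mid-hash; every pwdump record ends with ':::'."""
    records, pending = [], ""
    for line in (raw.strip() for raw in text.splitlines()):
        if not line or (not pending and ":" not in line):
            continue                       # blank line or status text
        pending += line
        if pending.endswith(":::"):
            records.append(pending)
            pending = ""
    return records

def audit(text):
    """Return {user: [findings]} for accounts whose stored hashes are weak."""
    report = {}
    for record in join_wrapped(text):
        fields = record.split(":")
        if len(fields) < 4:
            continue
        user, lm, nt = fields[0], fields[2].upper(), fields[3].upper()
        findings = []
        if HEX32.match(lm) and lm != EMPTY_LM_HALF * 2:
            findings.append("LM hash stored")
            if lm[16:] == EMPTY_LM_HALF:   # second 7-char half is empty
                findings.append("password is 7 characters or fewer")
        if nt == EMPTY_NT:
            findings.append("blank password")
        if findings:
            report[user] = findings
    return report

if __name__ == "__main__":
    for user, findings in audit(SAMPLE).items():
        print(f"{user}: {', '.join(findings)}")
```

Accounts flagged "LM hash stored" are remediated by enabling the "Network security: Do not store LAN Manager hash value on next password change" policy and then changing the password, since the old LM hash stays in the SAM until the next change.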