fretmelter66 Posted December 3, 2007

I plugged it (USB drive) in and ran pwdump. It made a log, and the password portion says this:

    Administrator:500:8602074632C936F7AAD3B435B51404EE:198190DCB6760B501B178A51C69FC35C:::
    AutodeskVault:1024:NO PASSWORD*********************:0B7D0A38EA9FEC61B0FC1BF0ED751DC5:::
    (CENSORED)i:1005:NO PASSWORD*********************:NO PASSWORD*********************:::
    Guest:501:NO PASSWORD*********************:NO PASSWORD*********************:::
    HelpAssistant:1004:9B2A55969DA4BD234BF0153EB1502361:B4F5447107CC5F7D77EC0F49BB9E96E0:::
    SophosSAUPLTWPERFET1:1025:C484BEA44F4906A0AB70F63946FD1432:3A3CEBDE92ED5FB91919F22AEA461DF8:::
    SUPPORT_388945a0:1002:NO PASSWORD*********************:F7BBC74EC99BF11963C4D5FFBFD9D373:::
    Completed.

Now, I know there is a password, so why is it saying that? The PC did have administrative privileges. The censored part was the person logged on. I'm using the pwdump from GONZORS payload.

beakmyn Posted December 3, 2007

How do you figure you didn't have administrative rights? You have a valid PWDUMP with the local administrator hash. PWdump only dumps hashes for the local accounts since it's being run locally. That user is managed by a domain controller, so it will not have a hash in Pwdump; that's what cachedump is for. If you want domain info, you have to run it against a domain controller using a domain admin account, something you're not likely to get.

fretmelter66 (Author) Posted December 3, 2007

I did a cache dump too. What do I do with it?

trustme Posted December 3, 2007

The real question is, what do you want to do with it? You can crack the admin password by going to plain-text info and entering the line after administrator. If you ran the password stealer (the other ones) you may have some passwords to look through. What were you trying to achieve by running the payload?

(By the way, I know that it is possible to set pwdump/fgdump to run against the domain admin from the admin account, but don't try it. Two reasons: first, as beakmyn said, it won't return anything because the program needs the current user to be domain admin; second, because it'll set off alarm bells in whatever organization you are performing a penetration and securities test on behalf of.)

If you wish to attempt to get some of the local users' passwords, the next step is to run a man in the middle attack. To do this you would have to crack the admin password and log on as admin locally (remember that the domain doesn't have an admin account going by that password; in Windows you'll have to change the login to local computer by clicking options in the old login mode, google on how to get there). Then you can install a tool like Ettercap or Cain and Abel and set it up to sniff the network. (I know there's other ways but this is the next progression given what he has gotten already.)

If you need more help you can email or IM or PM me or post here.

(If this post looks too much like instructions on hacking your school, mods feel free to delete offending parts and just leave a line saying he's welcome to ask.)

fretmelter66 (Author) Posted December 3, 2007

OK, so what you're saying is that the bunch of numbers I got are encrypted and need to be decrypted? Is that a HASH? So I can use, like, rainbow tables to crack it, right?

trustme Posted December 4, 2007

Yeah, plain text info or rainbow tables.

sablefoxx Posted December 4, 2007

> OK, so what you're saying is that the bunch of numbers I got are encrypted and need to be decrypted?

Yes, read about Windows' SAM file for details.

> Is that a HASH?

Yes, a LAN Manager (LM) hash to be exact; Windows by default stores passwords in LM hashes.

> So I can use, like, rainbow tables to crack it, right?

Yes, I'd recommend using Ophcrack with 733 MB tables.

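As a defensive audit of the log format discussed in this thread (beakmyn's point about accounts with no local hash, sablefoxx's point about LM hashes), the following added example, which is not from any poster or from pwdump itself, parses `name:RID:LM:NT:::` records and flags accounts that still store an LM hash. The function names and the sample hash values are constructed for illustration.

```python
import re

# pwdump prints this placeholder when no hash of that type is stored.
NO_HASH = re.compile(r"^NO PASSWORD\*+$")
HEX32 = re.compile(r"^[0-9A-Fa-f]{32}$")
# LM hashes each 7-character half separately; this is the hash of an empty half.
EMPTY_LM_HALF = "AAD3B435B51404EE"

def parse_line(line):
    """Parse one 'name:RID:LM:NT:::' record; return None for anything else."""
    parts = line.strip().split(":")
    if len(parts) < 4 or not parts[1].isdigit():
        return None
    fields = []
    for field in parts[2:4]:
        if NO_HASH.match(field):
            fields.append(None)
        elif HEX32.match(field):
            fields.append(field.upper())
        else:
            return None  # e.g. a hash split by a stray space when copied
    return {"name": parts[0], "rid": int(parts[1]), "lm": fields[0], "nt": fields[1]}

def classify(rec):
    """Return the audit findings for one parsed record."""
    # An LM field equal to two empty halves is the LM hash of the empty string.
    lm = None if rec["lm"] == EMPTY_LM_HALF * 2 else rec["lm"]
    if lm is None and rec["nt"] is None:
        return ["no LM or NT hash in the local SAM"]
    if lm is None:
        return ["NT hash only (no usable LM hash)"]
    findings = ["LM hash stored"]
    if lm[16:] == EMPTY_LM_HALF:
        findings.append("second LM half empty: password is 7 characters or fewer")
    return findings

def audit(text):
    """Map account name -> findings for every record line in a pwdump log."""
    return {r["name"]: classify(r) for r in map(parse_line, text.splitlines()) if r}

# Constructed sample log (hash values are made up, not taken from the thread).
SAMPLE = """\
alice:1001:0123456789ABCDEFAAD3B435B51404EE:00112233445566778899AABBCCDDEEFF:::
bob:1003:0123456789ABCDEF0123456789ABCDEF:00112233445566778899AABBCCDDEEFF:::
svc_backup:1002:NO PASSWORD*********************:FFEEDDCCBBAA99887766554433221100:::
Guest:501:NO PASSWORD*********************:NO PASSWORD*********************:::
broken:1004:0123456789ABCDEF0123456789ABC DEF:00112233445566778899AABBCCDDEEFF:::
Completed.
"""
```

Any account reported with "LM hash stored" is the audit finding to act on, for example by disabling LM hash storage and having that password changed.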
trustme Posted December 4, 2007

> Yes, I'd recommend using Ophcrack with 733 MB tables.

Or use plain-text info, bigger tables.

fretmelter66 (Author) Posted December 4, 2007

Thanks for all the help. I'll try Ophcrack.