felony_destined Posted January 4, 2008

So, I'm first going to give the scenario here and hope that I'm not flamed, as I have read many posts looking for answers before desperately just posting my own, and this isn't exactly the most pleasant place to get help, but what tech board is? So without further prolongment, my situation is as follows. . .

In school one of my teachers lets us watch movies pretty much ALL THE TIME, remotely educational ones I might add, only we have to watch them on a television. At first, one might think, so what's abnormal about that? Well, nothing except the fact that in the classroom is a school-imaged laptop with a lovely projector. Basically WE WANNA WATCH OUR MOVIES ON THE BIG SCREEN! :shock: The next thing you might be wondering is, how on earth is this related to LM hashes? Well, here we go. Now, the scenario as well as the attack are more than easy to understand in theory.

First some background information: Now, this year is a little bit different than my previous ones at this school. I was actually on the school's help desk, if you will, and therefore trusted with the admin password to all the computers. Unfortunately that program was taken out of the school, so no more students with admin privs. This presents a problem because I can't do all the things I used to be spoiled with. Now, not to stray too far away from my actual goal. . . to be able to watch movies on the lappy in the classroom. I noticed in the years before that we were unable to watch movies even on computers with DVD-ROMs. It didn't take me long to figure out that, well, these banged-up XP wanna-be images on the computers have the DVD-ROMs disabled in the local policy, so what do I do? I just enable them again in the local policy editor. . . DUH! One problem with that = you need to be logged in as administrator, sooooooo. . .
with some research including articles, tutorials, videos, and a little self experience, I've concluded that the most effective way to achieve knowledge of a local user's password is using rainbow tables to find an LM hash's plain-text. Now, my first approach was to use BackTrack and pwdump BUT. . . the boot sequence on the machines is HD 1st and the BIOS is password protected. Now, if I was really desperate, yes, of course I could pull the jumper, but I mean, what are the chances of me opening up a computer in the middle of class and not getting erm. . . disciplined for it? So, the next thing that caught my eye was that nifty little "USB Switchblade" hack. I must say it's brilliant. I actually have downloaded and run it off my thumbdrive with success on a dummy target. Now, I understand that you need admin privileges to even get the hashes, but seeing as almost the entire school alumni knows me well as being computer knowledgeable, I'm sure getting a staff member to log in as administrator FOR me while I secretly take the hashes won't be much of a task with my cunning and social-engineering-prone personality.

So here's the problem: I watched the Hak.5 episode where this exploit is shown, but with the package that I downloaded, and as a matter of fact I've tried all of them, I get useless (well, not exactly useless, but not significant to my dilemma) information, for example saved browser passwords etc. All of that stuff is just lovely and was well noted for perhaps a later exploit, but all I want is some LM hashes to the local users of the system. So I'm asking this as humbly as I know how, in hopes that it is recognized and returned back in the following posts: anyone got the Switchblade package with a utility that DOES grab LM hashes that I can download?
I tried making my own batch file, which is a little less stealth but hardly suspicious to the idiots running my school; however, I'm not very successful getting pwdump to work either =[

Thank you in advance,
A troubled teen :???: