But you need administrator privileges to run either tool. An attacker
trying to break in can't use pwdump2/pwdump3 to get the hashes. An attacker
who already has administrator privileges doesn't need those tools because he
already has enough access to do what he wants...

-----Original Message-----
From: H D Moore [mailto:sflist (at) digitaloffense (dot) net]
Sent: Thursday, December 05, 2002 7:12 PM
To: focus-ms (at) securityfocus (dot) com
Subject: Re: issues with syskey in NT 4.0

Syskey has shown itself to be worthless, you can always get the hashes
from a live system using pwdump2/pwdump3.

On Wednesday 04 December 2002 01:15 am, Sergey V. Gordeychik wrote:
> Another way is ntpasswd utility, which can switch off syskey, and after
> you can reset all passwords in the system. So, I don't see any reason
> to use syskey in workgroup environment or on client boxes.