My win2k box shows that three user-accounts on my windows 2000 machine
report as being *empty*, <8 and 2 of the three share a NULL password LM Hash
of AAD3B435B51404EEAAD3B435B51404EE. The third hash is different and I do
not wish to report it here for what id deem obvious reasons.
The three accounts include Administrator and two other users. The passwords
are known and have been fed into a wordlist. Running LC3 repeats these
results.
The Administrator account is most definitely not NULL, and the other two
accounts are not guest users. Attempting login with null password is denied
for all three accounts. LC3 is being run on the local machine.
1. Should I treat the box as compromised? Highly unlikely as there are
enough alarms in place
2. Should I report my findings to @Stake, in the belief LC has a flaw?
Much appreciated,
Chris Mawer
_________________________________________________________________
MSN Messenger - fast, easy and FREE! http://messenger.msn.co.uk
My win2k box shows that three user-accounts on my windows 2000 machine
report as being *empty*, <8 and 2 of the three share a NULL password LM Hash
of AAD3B435B51404EEAAD3B435B51404EE. The third hash is different and I do
not wish to report it here for what id deem obvious reasons.
The three accounts include Administrator and two other users. The passwords
are known and have been fed into a wordlist. Running LC3 repeats these
results.
The Administrator account is most definitely not NULL, and the other two
accounts are not guest users. Attempting login with null password is denied
for all three accounts. LC3 is being run on the local machine.
1. Should I treat the box as compromised? Highly unlikely as there are
enough alarms in place
2. Should I report my findings to @Stake, in the belief LC has a flaw?
Much appreciated,
Chris Mawer
_________________________________________________________________
MSN Messenger - fast, easy and FREE! http://messenger.msn.co.uk
[ reply ]