Focus on Microsoft
Re: focus-ms (at) securityfocus (dot) com Aug 30 2003 08:49AM fala83@libero.it (fala83 libero it) (5 replies)
Wasn't someone looking for a Group Policy collection tool? Oct 04 2003 02:48AM Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP] (sbradcpa pacbell net)
Re: focus-ms (at) securityfocus (dot) com Sep 02 2003 12:42PM simonis (simonis myself com) (1 replies)
RE: focus-ms (at) securityfocus (dot) com Sep 02 2003 08:46PM Kim Oppalfens (kimoppalfens tiscali be) (1 replies)
cached passwords (was RE: focus-ms (at) securityfocus (dot) com) Sep 02 2003 06:28AM Zachary Mutrux (zmutrux compumentor org)
Re: focus-ms (at) securityfocus (dot) com Sep 02 2003 01:11AM Sam Baskinger (sam reefedge com)
Re: focus-ms (at) securityfocus (dot) com Sep 01 2003 08:23PM Flávio Pereira (fpereirabr yahoo com br)
Seems you are correct. Before I posted this doubt I had already tried Pwdump2
and L0phtcrack from @stake, but both only deal with SAM info. I tried
Pwdump3 as suggested and got the same result. I tried the cached info as
suggested by the article pointed to by Simonis and really got some interesting
info, like the clear text of my saved dial-up password (using LSADUMP2), but
could not find anything related to my domain password (I use a laptop and I
can log on with the same user/password both on the corporate LAN and at
home. Only if I try to change my password does W2K necessarily look for my
domain controller).
Rgds,
Paulo
At 22:46 2/9/2003 +0200, Kim Oppalfens wrote:
>Hi,
>
>Interesting site stating that saved passwords and passwords from dial-up
>sessions, web sites and so on can be found using
>the infamous tool called lsadump. All fine & well, but it doesn't do
>squat for the initial statement that started this thread being the
>cached credentials. Unless I am very much mistaken, in that case
>guidelines would be very welcome, there is no publicly available tool
>that displays the cached credential password. Nor do I think the storage
>location of the cached credentials is public knowledge.
>
>Kim Oppalfens
>
>-----Original Message-----
>From: simonis [mailto:simonis (at) myself (dot) com]
>Sent: Tuesday, 2 September 2003 14:42
>To: fala83 (at) libero (dot) it
>Cc: focus-ms; todd
>Subject: Re: focus-ms (at) securityfocus (dot) com
>
>
>"fala83 (at) libero (dot) it" wrote:
> >
> > In my opinion a system wouldn't cache password locally.
> > E.g. Sysadmin logs in into a workstation and password will be stored
> > locally. An attacker could retrieve his password and login into the
> > whole network with administrative privileges. It is not completely
> > safe. I'd rather prefer use Kerberos, using his tickets to access
> > network resource without caching password. Anyway if the password must
> > be stored locally, it must be!
> >
>
>A Kerberos (read: network) password doesn't do squat for a disconnected
>user wishing to log on with their network account. It is for this
>purpose that Windows can and does cache the password, and not just
>for a specific user.
>
>Check out http://is-it-true.org/nt/registry/rtips320.shtml
>
>-ds
>