[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Administrator's password has been discovered bynon-priviledged user !

To: firewalls@Lists.GNAC.NET
Subject: Re: Administrator's password has been discovered bynon-priviledged user !
From: Mike Forrester <mikef@pocketlint.com>
Date: Mon, 28 Aug 2000 10:57:55 -0600

    [ The following text is in the "iso-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Hopefully not getting too off topic...

Add HKLM\System\CurrentControlSet\Control\Session Manager\Memory Management
Value Name:            ClearPageFileAtShutdown
Data Type:            REG_DWORD
Value:            1
NOTE:  Fills all inactive pages in the paging file with zeros when the
system is shutdown to prevent them from being read by another process.

This registry setting prevents just that.

Mike

----- Original Message -----
From: "Drennan Richard E CONT NEOD" <Drennan@eodpoe2.navsea.navy.mil>
To: "'Rajesh Divakaran'" <rajesh@wisor.com>; "Kevin Johnston"
<johnston@syrres.com>; "firewall" <firewalls@Lists.GNAC.NET>
Sent: Monday, August 28, 2000 6:30 AM
Subject: RE: Administrator's password has been discovered bynon-priviledged
user !


> Not only can you go into promiscuous mode, correct me if I'm wrong but, I
> thought that you could boot the NT server on floppy and copy the page file
> to get at the hash.
>
> Regards,
> Richard Drennan
>
>
> -----Original Message-----
> From: Rajesh Divakaran [mailto:rajesh@wisor.com]
> Sent: Monday, August 14, 2000 8:26 AM
> To: Kevin Johnston; firewall
> Subject: Re: Administrator's password has been discovered
> bynon-priviledged user !
>
>
> I have checked it.. But i was not able to
> I looged in as a normal user and tried to do it.. but no luck
> where as when i logged in as a admin equalvant user. it did
> could u tell me how it can be done..
>
> rgds
> Rajesh
>
>
> Kevin Johnston wrote:
>
> > Don't need access to the Registry with L0phtcrack.  It can sniff the
> > network for NT hashes, including the Administrator's.
> >
> > At 05:22 PM8/14/00 Monday+0530, you wrote:
> > >hi,
> > >l0pht crack will NOT allow to PDC/BDC registry , if u are a normal
> user...
> > >only users with some privilages can access it .
> > >so its not l0pht crack.
> > >
> > >Rgds
> > >Rajesh
> > >
> > >
> > >J wrote:
> > >
> > > > l0pht crack can do it give 24 hrs and the rights to the box.
> > > > ----- Original Message -----
> > > > From: "BY" <bysoo@iprimus.com.au>
> > > > To: "NT 2000 Discussions" <nt2000@ls.swynk.com>;
> > > > <fw-1-mailinglist@lists.us.checkpoint.com>;
<firewalls@lists.gnac.net>
> > > > Sent: Saturday, August 26, 2000 5:54 AM
> > > > Subject: Administrator's password has been discovered by
> non-priviledged
> > > > user !
> > > >
> > > > > Hi there,
> > > > >
> > > > > I find this is really very annoying. The user with only a common
> domain
> > > > user
> > > > > priviledge who has no even power user priviledged. How does he
find
> out
> > > > the
> > > > > local administrator's and even the domain account administrator's
> > > password
> > > > ?
> > > > > I just hope he is lying to us. Cant really tell with his cheaky
face
> > > > though.
> > > > >
> > > > > I am surprised that there is a hacking tool that can explore
> anyone's
> > > > > password with just a common domain user's priviledge account ? Can
> > > > somebody
> > > > > what would the possible hacking tools he is using ?
> > > > >
> > > > > A Big Thank You !
> > > > >
> > > > > BY
> > > > >
> > > > > -
> > > > > [To unsubscribe, send mail to majordomo@lists.gnac.net with
> > > > > "unsubscribe firewalls" in the body of the message.]
> > > > >
> > > > -
> > > > [To unsubscribe, send mail to majordomo@lists.gnac.net with
> > > > "unsubscribe firewalls" in the body of the message.]
> > >
> > >--
> > >---------------------
> > >One day you realize that you are turning bald,
> > >You  wish there was  'CUT & PASTE' in life
> > >
> > >
> > >-
> > >[To unsubscribe, send mail to majordomo@lists.gnac.net with
> > >"unsubscribe firewalls" in the body of the message.]
> >
> > *************************************
> > Kevin T Johnston
> > Research Engineer
> > Syracuse Research Corporation
> > 6225 Running Ridge Road
> > North Syracuse, NY 13212
> > Phone:  (315) 452-8318
> > FAX:    (315) 452-8310
> > Email:  johnston@syrres.com
>
> --
> ---------------------
> One day you realize that you are turning bald,
> You  wish there was  'CUT & PASTE' in life
>
>
> -
> [To unsubscribe, send mail to majordomo@lists.gnac.net with
> "unsubscribe firewalls" in the body of the message.]
> -
> [To unsubscribe, send mail to majordomo@lists.gnac.net with
> "unsubscribe firewalls" in the body of the message.]
>

-
[To unsubscribe, send mail to majordomo@lists.gnac.net with
"unsubscribe firewalls" in the body of the message.]

Prev by Date: Do It your Self VPN/Firewall
Next by Date: L0pht Crack (was: RE: [FW1] Administrator's password has been di scovered by non-priviledged user !)
Prev by thread: Re: Administrator's password has been discovered bynon-priviledged user !
Next by thread: Re: Administrator's password has been discovered bynon-priviledged user !
Index(es):
- Date
- Thread