Folks,
I performed an LDAPquery and listed the users in the OU.
I just used pwdump to collect all of the information from
the domain then greped out the pertinent hashes.
Thanks,
Matt
-----Original Message-----
>From: ben.dexter act.gov.au
>Sent: Oct 10, 2007 2:44 AM
>To: pen-testsecurityfocus.com
>Subject: Re: Re: Password Crack an OU in Windows 2003
>
>No you don't. However, the main issue appears to be
cracking a limited subset of the AD database.
>
>Michael, assuming you have been able to dump the
username/hashes from a DC to a file could you just get a
listing of the appropriate users (net group? I'm going on a
leap of faith that they will all have at least one group in
common as they are all in the same OU, or use Hyena etc) and
filter out all of the other username/hashes prior to
cracking?
>
>Ben.
>
>--------------------------------------------------------
----------------
>This list is sponsored by: Cenzic
>
>Need to secure your web apps NOW?
>Cenzic finds more, "real" vulnerabilities
fast.
>Click to try it, buy it or download a solution FREE
today!
>
>http://www.cenzic.com
/downloads
>--------------------------------------------------------
----------------
>
------------------------------------------------------------
------------
This list is sponsored by: Cenzic
Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!
http://www.cenzic.com
/downloads
------------------------------------------------------------
------------
|
