Re: Re: Password Crack an OU in Windows 2003

Thread: Re: Re: Password Crack an OU in Windows 2003

Search this list only Search all lists
Re: Re: Password Crack an OU in Windows 2003
	2007-10-11 02:08:20
Good Morning everyone, did you do that with domain admin rights or anonymously? There are group policy settings to restrict anonymous ldap queries of AD. Take Care and Have Fun --John -------------- Original message ---------------------- From: Matthew Webster <awakeningsmindspring.com> > Folks, > > I performed an LDAPquery and listed the users in the OU. I just used pwdump > to collect all of the information from the domain then greped out the pertinent > hashes. > > Thanks, > > Matt > > -----Original Message----- > >From: ben.dexteract.gov.au > >Sent: Oct 10, 2007 2:44 AM > >To: pen-testsecurityfocus.com > >Subject: Re: Re: Password Crack an OU in Windows 2003 > > > >No you don't. However, the main issue appears to be cracking a limited subset > of the AD database. > > > >Michael, assuming you have been able to dump the username/hashes from a DC to a > file could you just get a listing of the appropriate users (net group? I'm going > on a leap of faith that they will all have at least one group in common as they > are all in the same OU, or use Hyena etc) and filter out all of the other > username/hashes prior to cracking? > > > >Ben. > > > >-------------------------------------------------------- ---------------- > >This list is sponsored by: Cenzic > > > >Need to secure your web apps NOW? > >Cenzic finds more, "real" vulnerabilities fast. > >Click to try it, buy it or download a solution FREE today! > > > >http://www.cenzic.com /downloads > >-------------------------------------------------------- ---------------- > > > > > > > ------------------------------------------------------------ ------------ > This list is sponsored by: Cenzic > > Need to secure your web apps NOW? > Cenzic finds more, "real" vulnerabilities fast. > Click to try it, buy it or download a solution FREE today! > > http://www.cenzic.com /downloads > ------------------------------------------------------------ ------------ > ------------------------------------------------------------ ------------ This list is sponsored by: Cenzic Need to secure your web apps NOW? Cenzic finds more, "real" vulnerabilities fast. Click to try it, buy it or download a solution FREE today! http://www.cenzic.com /downloads ------------------------------------------------------------ ------------

[1]

about | contact Other archives ( Real Estate discussion Medical topics )