Consolidation of Power

• Cracking the SAM: from local admin to domain admin, other users. See look for SAM, Disable LanMan authentication. Apply service packs!

• Cracking 2K, XP Passwords: See an introduction/FAQ. L0phtcrack is the key tool, graphical, good documentation.

  • Countermeasures: choosing strong passwords -- no dictionary words, seven digits (if LanMan not disabled), alpha, special characters, facts, names from youth,etc. Win 2K, XP use Use SYSKEY SAM encryption, but Pwdump6 circumvents SYSKEY and dump hashes from SAM and Active Directory.

• Duplicate credentials: locally stored domain user credentials (same user domain account), local Administrator with same password as in the Domain.

• LSA Secrets: includes plain text service account passwords, cached passwords(last 10), FTP and web user plain text passwords, etc. A hack: Cain or available info by Design? DSScan detects LSA vulnerabilities.

• Keystroke loggers: record every keystroke to a (hidden) file. Free Keylogger and SurfControl/Websense are tools to capture keystrokes and more.

• Sniffers: See Sniff tools and also BUTTsniffer, and CommView.

Assumes that administrator-level access has been obtained.

Previous slide

Next slide

Back to first slide

View graphic version