
LCP

Posted: 07 Oct 2005, 12:05
by Nerdz
Hi guys, I want to use this program because I have read somewhere on this forum that we can get back passwords. So I'm trying it on my box and I read the whole help file on the theory about password files.

If I get the point, I can't get my password on my box because I don't have a second OS or a bootable Linux floppy, which is required to copy the SAM file and then import it into the LCP program.

After that I tried the examples that come with LCP and it was very nice... So I got pwdump2 and it says it needs lsass.exe. I ran a Search and can't find it.

So is there any way to get the password on my box? (I'm the only user, with admin rights.)



Sorry, I played around and the problem is solved...

However, I can't understand this part... well, I can't do it because it always says that I can't change the name of cmd.exe because it already exists.

:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

In case you do not have administrative privileges on the local computer, it is possible to use a vulnerability of the Windows NT/2000/XP/2003 operating systems, which in fact allows changing the screen saver that is launched when no logon occurs for a particular amount of time (15 minutes for Windows NT/2000 and 10 minutes for Windows XP/2003 by default) to a different program. To do this, you need to replace %SystemRoot%\system32\logon.scr with the desired executable file (cmd.exe, for example), which will be launched by the operating system instead of the screen saver, with system privileges. This change can be done by the same method used to copy the SAM file. You can get write access to an NTFS disk with the NTFSDOS Professional or NTFS for Windows 98 programs. After this you need to obtain the hashes by the pwdump2 or pwdump3/pwdump3e methods.

Posted: 10 Oct 2005, 13:14
by masterdriverz
It's fairly straightforward. Rename a program to logon.scr to run it with System privileges (needed to rape the SAM file).

Posted: 10 Oct 2005, 15:31
by Nerdz
What do you mean?

Posted: 11 Oct 2005, 12:34
by masterdriverz
Find a program, e.g. cmd.exe, copy it to system32 (in this example it's already there, but you still need a copy) and rename it to logon.scr. When Windows tries to start the default screensaver, cmd.exe (or whatever program you put there) will be run with system privileges.
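Editor's note: the swap described in this thread leaves a simple trace, and the check below is added here as an example; it is not code from the thread, from LCP or from pwdump. A genuine screen saver is a GUI executable, while cmd.exe is a console executable, and the Subsystem field of the PE optional header (2 = IMAGE_SUBSYSTEM_WINDOWS_GUI, 3 = IMAGE_SUBSYSTEM_WINDOWS_CUI; the field sits 68 bytes into the optional header for both PE32 and PE32+) tells them apart. Because the thread's method copies cmd.exe byte for byte, the example also compares the SHA-256 of logon.scr against the hashes of console binaries you supply. The PE blobs built by `make_min_pe` are constructed, header-only test inputs (an assumption for offline testing, not real Windows files); the function and variable names are the example's own.

```python
"""Detect a screen saver that has been replaced by a console program.

Added example, not part of the original forum thread. Two checks:
  1. logon.scr hashes identical to a known console binary (cmd.exe ...).
  2. logon.scr's PE Subsystem field is not GUI (a real .scr is a GUI app).
"""
import hashlib
import struct
import sys

IMAGE_SUBSYSTEM_WINDOWS_GUI = 2
IMAGE_SUBSYSTEM_WINDOWS_CUI = 3


def pe_subsystem(data):
    """Return the Subsystem field of a PE image; raise ValueError if not PE."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    # 4-byte signature, then a 20-byte COFF header, then the optional header.
    opt = e_lfanew + 4 + 20
    if len(data) < opt + 70:
        raise ValueError("truncated PE headers")
    (magic,) = struct.unpack_from("<H", data, opt)
    if magic not in (0x10B, 0x20B):      # PE32 / PE32+
        raise ValueError("unknown optional header magic 0x%x" % magic)
    # Subsystem is at optional-header offset 68 in both PE32 and PE32+.
    (subsystem,) = struct.unpack_from("<H", data, opt + 68)
    return subsystem


def audit_logon_scr(scr_data, known_console_binaries):
    """Return a list of findings (empty list means nothing suspicious).

    known_console_binaries maps a display name to that binary's bytes.
    """
    findings = []
    scr_hash = hashlib.sha256(scr_data).hexdigest()
    for name, blob in known_console_binaries.items():
        if hashlib.sha256(blob).hexdigest() == scr_hash:
            findings.append("logon.scr is byte-identical to %s" % name)
    try:
        subsystem = pe_subsystem(scr_data)
    except ValueError as exc:
        findings.append("logon.scr is not a valid PE image: %s" % exc)
        return findings
    if subsystem != IMAGE_SUBSYSTEM_WINDOWS_GUI:
        findings.append("logon.scr subsystem is %d, expected GUI (2)" % subsystem)
    return findings


def make_min_pe(subsystem, tag=b""):
    """Construct a header-only PE32 blob for testing (constructed input, not a
    runnable program): MZ stub, PE signature, COFF header, optional header."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)           # e_lfanew -> PE signature
    coff = struct.pack("<HHIIIHH", 0x14C, 0, 0, 0, 0, 0xE0, 0x102)  # i386, 224-byte opt hdr
    opt = bytearray(0xE0)
    struct.pack_into("<H", opt, 0, 0x10B)             # PE32 magic
    struct.pack_into("<H", opt, 68, subsystem)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + tag


if __name__ == "__main__":
    # Usage on a real system: python check_scr.py <path to logon.scr> <path to cmd.exe> ...
    if len(sys.argv) >= 2:
        with open(sys.argv[1], "rb") as f:
            scr = f.read()
        known = {}
        for path in sys.argv[2:]:
            with open(path, "rb") as f:
                known[path] = f.read()
    else:
        # Offline demonstration with constructed blobs: a "cmd.exe" copied over logon.scr.
        fake_cmd = make_min_pe(IMAGE_SUBSYSTEM_WINDOWS_CUI, b"cmd")
        scr, known = fake_cmd, {"cmd.exe": fake_cmd}
    for line in audit_logon_scr(scr, known) or ["no findings"]:
        print(line)
```

On a live box the same check should be run from trusted media against the offline disk, since a SYSTEM-level foothold can also patch whatever tool you run from the booted OS.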