October 11th, 2001, 10:18 PM
How do I hack NT,
Let me count thy ways... No, I was just wondering what everyone's favorite way to hack an NT machine is. (Or most commonly used.)
Mine -> pwdump2 and then run l0pht
October 11th, 2001, 10:28 PM
To get usernames/passwords from the local box.
- Boot disk --> Fat16 or Fat32, copy sam file from the system32 directory, run brute force attack (l0pht for example)
- Use a boot disk for NTFS (dos for NTFS program), steal sam again from system32 and run brute force attack.
- Write your own programs to steal passwords from the login screen
October 11th, 2001, 10:33 PM
Very nice.... After all, what is a hacker if he can't program.
October 11th, 2001, 11:20 PM
Use l0pht to decrypt the local admin password and then see if the target is daft enough to use the same local admin password on all its kit.
Once you can subvert every workstation on the network, you pretty much have it to yourself and you can do what you like... just wait for the unsuspecting domain admin to log in and execute that nice command you planted in the startup folder.
Heheh. Personally I prefer GCOS 8 cuz no bastard could ever be arsed to hack into it.
October 11th, 2001, 11:50 PM
The best tool that I have found was Advanced NT Security Explorer. It takes the SAM file and cracks it, or it can do a registry dump, unless SYSKEY is on, or it can do a memory dump. When it does that, you can choose to do a brute force or dictionary attack. I played with it on my server and it worked great.
"A hacker is someone who has a passion for technology, someone who is possessed by a desire to figure out how things work."
October 14th, 2001, 12:03 AM
Well, I would have to say l0pht is used a lot, and by most people.
If remote, and admin group access, SAM dumps are all good.
But if remote and only normal user account access, then problems.
So if I only have a normal account I give my FTP crack a spin.
IISFTP opens password attacks with open arms, it doesn't disconnect after X attempts and Admin group accounts can be cracked with it (even Administrator) remotely.
So I just upload it, let it run locally (or against another comp on the remote LAN), sit back and crack another beer open. Although it is quite slow at the moment because it only uses single thread/sockets (approx 400/sec on Celeron 500 laptop).
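Added example, not part of any post in this thread: a defender-side check for the unlimited FTP password attempts described in the post above, flagging any client that collects a burst of failed `PASS` replies (FTP code 530) and noting whether a successful login (230) followed. The log layout, field order, addresses and account names are assumptions constructed for the example; adjust the `#Fields` line to what your server actually writes.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

def _attempt(sec, ip, user, status):
    # One constructed USER/PASS exchange in the assumed field order.
    stamp = f"2001-01-01 12:00:{sec:02d} {ip}"
    return f"{stamp} USER {user} 331\n{stamp} PASS - {status}\n"

# Constructed sample log, not taken from a real server.
SAMPLE_LOG = (
    "#Fields: date time c-ip cs-method cs-uri-stem sc-status\n"
    + "".join(_attempt(s, "10.0.0.5", "Administrator", "530") for s in range(6))
    + _attempt(10, "10.0.0.9", "alice", "530")   # one mistyped password
    + _attempt(20, "10.0.0.9", "alice", "230")
    + _attempt(30, "10.0.0.5", "Administrator", "230")  # success after the burst
)

def parse(log_text):
    """Yield one dict per log entry, keyed by the names on the #Fields line."""
    fields = []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            row = dict(zip(fields, line.split()))
            row["ts"] = datetime.strptime(f"{row['date']} {row['time']}", "%Y-%m-%d %H:%M:%S")
            yield row

def detect_guessing(log_text, threshold=5, window=timedelta(seconds=60)):
    """Flag client IPs with >= threshold failed PASS replies (530) inside the window."""
    recent = defaultdict(deque)  # ip -> timestamps of recent failures
    last_user, alerts = {}, {}
    for row in parse(log_text):
        ip, method, status = row["c-ip"], row["cs-method"], row["sc-status"]
        if method == "USER":
            last_user[ip] = row["cs-uri-stem"]
        elif method == "PASS" and status == "530":
            q = recent[ip]
            q.append(row["ts"])
            while row["ts"] - q[0] > window:
                q.popleft()
            if len(q) >= threshold:
                a = alerts.setdefault(ip, {"failures": 0, "users": set(), "success_after_burst": False})
                a["failures"] = max(a["failures"], len(q))
                a["users"].add(last_user.get(ip, "?"))
        elif method == "PASS" and status == "230" and ip in alerts:
            alerts[ip]["success_after_burst"] = True  # treat the account as compromised
    return alerts

if __name__ == "__main__":
    print(detect_guessing(SAMPLE_LOG))
```

A flagged source with `success_after_burst` set is the case to act on first: reset that account's password and review what the session did.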
November 13th, 2003, 11:41 PM
November 14th, 2003, 12:32 AM
LOL what is this? Guess posts like this didn't get negged as hard as they do now back a few years.
michael737n, just a handy reminder (my second one btw), bringing back posts at approximately two years of age and then doing a one liner might be considered post whoring, and just kind of bad etiquette in general since the post is rather...old? This could lead to you receiving negs and those definitely aren't fun.