February 1st, 2003, 05:36 AM
Question about ERD and also telnetting to port 80.
Alright, two questions.
I've come to realize that the SAM file (Windows 2000 Pro) in %systemroot%\repair is SYSKEY encrypted and cannot be cracked (though I may be totally wrong, so correct me). So no worries there. However, there is a possibility that someone could make an ERD diskette under Guest privileges. Could someone obtain the real SAM file off this disk (any utilities)? Or is the SAM file the same as the one in repair?
OK, here goes number 2. I was goofing around and I ran telnet to connect to my friend's computer on port 80 (he was surfing the internet at this time). And what was odd is that it connected. Though when I hit a key, the connection was lost. Why does this happen? Is it possible to send strings of data to that port?
Thanks again, fellas, for answering my questions.
February 1st, 2003, 12:49 PM
For the first question I have no idea... (abandon windowz plzz!) loool... but for the second, it happened to me many times... I think that it doesn't really connect, like with some servers, and when you hit a key and it sends (perhaps; I have no idea) it understands that XD. Talking about servers... does anyone know some servers to connect to via telnet? I have tried with a lot, but nothing!
Answer the last question plzzz!
February 1st, 2003, 07:45 PM
As long as something is listening, a connection can be built. Your friend most likely has IIS running on his box. Drop to a command prompt and type "netstat -an | more" (without the quotes) and see if you see 0.0.0.0:80. If you do, then IIS is running. You did say this is a W2k box, right? Remember, outgoing web connections are initiated on ports above 1024. Web servers LISTEN on port 80 (for the most part).
Here is a little trick for you. Telnet to it again and type this when it connects:
GET / HTTP/1.0
Then hit enter a few times. You should get a nice little surprise back.
Here is another example: I telnet to port 25 on our mail servers to determine if mail relaying is turned on. You can even telnet to localhost on a specific port to see if something is listening. Try this out.
I hope this answers your question. Oh and if you want an explanation for the 1st question, send me a private message.
Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden
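The exchanges described in the answer above (connect to a port to see whether something listens, send `GET / HTTP/1.0` by hand, and walk an SMTP session to check for open relaying), as an added example that is not part of the original thread. It drives raw sockets instead of telnet, and stands up two throwaway local listeners that are constructed stand-ins for a web server and a mail server (the "Microsoft-IIS/5.0" banner and the "example.test" domain are made up for the demo, not captured from a real host):

```python
"""Added example: probing TCP services the way the post describes, without telnet.

Starts two throwaway listeners on 127.0.0.1 (constructed fakes, not real IIS or
a real MTA), then talks to them with raw sockets: banner-grab over HTTP/1.0 and
probe SMTP for open relaying.
"""
import socket
import threading

CRLF = b"\r\n"


def _fake_http(conn):
    # Read whatever the client typed, answer with an IIS-looking banner (constructed).
    conn.recv(4096)
    conn.sendall(b"HTTP/1.0 200 OK" + CRLF + b"Server: Microsoft-IIS/5.0" + CRLF
                 + b"Content-Type: text/html" + CRLF + CRLF + b"<html>hi</html>")


def _fake_smtp(conn):
    # Minimal SMTP that refuses RCPT TO for recipients outside its own domain (constructed).
    f = conn.makefile("rb")
    conn.sendall(b"220 mail.example.test ESMTP" + CRLF)
    for line in f:
        cmd = line.strip().upper()
        if cmd.startswith(b"RCPT TO:") and b"@EXAMPLE.TEST" not in cmd:
            conn.sendall(b"550 5.7.1 Relaying denied" + CRLF)
        elif cmd == b"QUIT":
            conn.sendall(b"221 Bye" + CRLF)
            break
        else:
            conn.sendall(b"250 OK" + CRLF)


def _serve(srv, handler):
    # Accept connections forever; a client that connects and drops (like a bare
    # "is it open?" probe) makes the handler fail harmlessly.
    while True:
        conn, _ = srv.accept()
        with conn:
            try:
                handler(conn)
            except OSError:
                pass


def start_listener(handler):
    """Bind a throwaway server on 127.0.0.1 (port chosen by the OS) and return its port."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)
    threading.Thread(target=_serve, args=(srv, handler), daemon=True).start()
    return srv.getsockname()[1]


def is_listening(host, port, timeout=1.0):
    """What telnet reports as 'connected': the TCP handshake completes."""
    with socket.socket() as s:
        s.settimeout(timeout)
        return s.connect_ex((host, port)) == 0


def http_banner(host, port):
    """Send exactly what the post types into telnet and parse the status line and headers."""
    with socket.create_connection((host, port), timeout=2) as s:
        s.sendall(b"GET / HTTP/1.0" + CRLF + CRLF)  # blank line ends the request
        chunks = []
        while data := s.recv(4096):
            chunks.append(data)
    head = b"".join(chunks).partition(CRLF + CRLF)[0]
    lines = head.split(CRLF)
    headers = {}
    for h in lines[1:]:
        name, _, value = h.partition(b":")
        headers[name.strip().decode().lower()] = value.strip().decode()
    return lines[0].decode("ascii", "replace"), headers


def smtp_relay_allowed(host, port, from_addr="probe@outside.test",
                       to_addr="victim@elsewhere.test"):
    """Walk HELO / MAIL FROM / RCPT TO and report whether an outside recipient is accepted."""
    with socket.create_connection((host, port), timeout=2) as s:
        f = s.makefile("rb")

        def say(cmd):
            s.sendall(cmd + CRLF)
            return f.readline().decode("ascii", "replace").rstrip()

        f.readline()  # 220 greeting
        say(b"HELO probe.test")
        say(b"MAIL FROM:<" + from_addr.encode() + b">")
        rcpt = say(b"RCPT TO:<" + to_addr.encode() + b">")
        say(b"QUIT")
    return rcpt.startswith("250")  # 250 here means the server would relay for us


if __name__ == "__main__":
    web = start_listener(_fake_http)
    mail = start_listener(_fake_smtp)
    print("port open:", is_listening("127.0.0.1", web))
    print("banner:", http_banner("127.0.0.1", web))
    print("open relay:", smtp_relay_allowed("127.0.0.1", mail))
```

The "surprise" the answer promises is the response head: the status line plus a Server header that names the product. The relay probe only goes as far as RCPT TO and then QUITs, so nothing is actually delivered; a 250 to an outside recipient is the sign that relaying is on.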
February 1st, 2003, 08:13 PM
The SAM file is not copied to a Windows 2000 ERD. It was in Windows NT, but not 2k.
February 1st, 2003, 08:54 PM
The only way I know to grab the actual SAM file from a WINNT/2000 box is to boot to DOS and use a utility like NTFS4DOS to mount the NTFS file system. This allows you to copy the SAM to a disk, and then you can attempt to get the passwords out of it. For this to work, though, you need physical access to the machine.
"When you say best friends, it means friends forever" Brand New
"Best friends means I pulled the trigger
Best friends means you get what you deserve" Taking Back Sunday