February 1st, 2004, 12:29 AM
Ted, you have a valid point, and I think that you are right for the most part...as long as you are not the one who breaks into the system, or you do not collaborate directly to help compromise the system.
This is fine and dandy and all...as long as both of the above apply, and there are no extenuating circumstances that would cause a third variable to fall into play.
I for instance, by nature of my employment with a certain entitiy, have such a third variable. The 99.975% chance that nothing would happen to me or my employment does not outweigh the .025% chance that something would, IMHO.
You can call me a puss or whatever...I don't care. I worked very hard to get the job that I have, and I'm not about to risk losing that.
Besides, there are plenty of step by step explinations of how to do it...many on this site. Maybe I'll just link to one next time, like newinnash did, instead of feigning ignorance.
I for one wouldn't even fool around with the SAM. It's much easier to enumerate the information from the LSA, especially if you have physical access.
And if you know the person really well, you probably have the password on you computer already from when he checked his Hotmail account from your computer the last time he came over to visit. (Survey says: 95% of people polled use the same password for everything)
Not bashing or flaming...just explaining.