Cracking a domain non-admin password
  • Cracking a domain non-admin password

    Hi,

    I'm just posting this to see if anybody has tried this in practice; otherwise I am going to have to set up a testbed. Just thought I would save me some time. I suspect the answer will be yes. Please read and give me your views.

    Is it possible to crack a non-admin Active Directory account, assuming this account has logged onto the target machine sometime in the past (and you are allowed 10 grace logons if the AD is not available) and you already have admin access to the target machine?

    The situation I have is, a non-admin user is using another non-admin user's account. I have been asked for scenarios for how this has happened, the first being, they have guessed the password or they have gotten it from some other source; a third scenario is described above and the non-admin user has cracked or reset the local admin user on the member machine.

    regards
    thewomble.

  • #2
    Re: Cracking a domain non-admin password

    http://www.google.com/search?hl=en&q...ed+credentials
    Cheers,

    Rick

    ** Remember to give credit where credit is due and leave reputation points where appropriate **

    2006-2099 R Valstar. This post is offered "as is" for discussion purposes only with no express or implied warranty of any kind including, but not limited to, correctness or fitness for use. Nothing herein shall be construed as advice. Attempting any activity based on information in this post is done at your own risk.

    • #3
      Re: Cracking a domain non-admin password

      Or option # 4: user # 1 gave user # 2 their password.
      ** Remember to give credit where credit is due and leave reputation points where appropriate **

      • #4
        Welcome to my world

        Well, well, well...

        Data Doctor Password Unmask will reveal a starred out password. SAMInside will dig the SAM of a computer and give you a PWDUMP file with hashes that you can have reverse-engineered with other programs (Password Pro is put out by the SAMInside peeps) that use various crack programs.

        LMCrack brags of breaking a hash in 60 secs. It whimpered and rolled over on itself when I presented the SAM from my bad server last week, so nothing's infallible, especially egos ; )

        Yeah, there are a variety of nefarious means to access a user's password, heck, a keystroke logging program on the target user's computer would do the same.

        Honestly, there are a good 10 to 15 tools I looked at last week that all can do this if given access to an AD or local SAM and/or a user's computer.

        If it were me, I'd lock down the questionable account by only allowing it to log on from a specific computer... the correct user's computer.

        You could also log all attempts to access with that ID from other computers to tag your bad user and send him/her to Human Resources with a permanent time-out.

        Also might send out a mass-mail to the user population reminding them that logging on with an ID and PW not their own is grounds for termination.

        Cracking the whip seems to work much more effectively than any tracking program I ever used, especially when you throw in there that any computer activity during company hours is considered the company's "intellectual property" and that the company has the "right" (never mention that you don't have the TIME) to read all mail and IM traffic on any company computer at ANY time, end of story, morning glory. (That shuts iTunes traffic down for at least a week at my place.)

        But hey, I'm lazy.

        Good luck man!

        StillAsleep Stacy
        It's not what you know, it who's on your IM list.
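
The two measures suggested in post #4 (tie the account to its owner's computer, and log uses of that ID from other computers) can be checked against exported logon events. This is an added example, not part of the original thread: it assumes 4624 (successful) and 4625 (failed) logon events have been exported to CSV, and the column layout, account names and workstation names are constructed for illustration.

```python
import csv
import io
from collections import Counter, defaultdict

# Constructed sample: logon events exported from the Security log as CSV.
# 4624 = successful logon, 4625 = failed logon. All names are hypothetical.
SAMPLE = """TimeCreated,EventID,TargetUserName,WorkstationName
2024-03-04T08:01:10,4624,jsmith,WS-014
2024-03-04T08:03:42,4624,bjones,WS-027
2024-03-04T12:15:05,4625,jsmith,WS-027
2024-03-04T12:15:31,4624,jsmith,WS-027
2024-03-05T08:02:17,4624,bjones,WS-027
2024-03-05T08:05:00,4624,jsmith,WS-014
2024-03-05T17:40:12,4624,jsmith,WS-027
2024-03-06T08:00:09,4624,akhan,WS-031
"""

def off_host_logons(rows, account, allowed):
    """Events where `account` was used from a workstation not in `allowed`."""
    acct = account.lower()
    ok = {w.upper() for w in allowed}
    return [r for r in rows
            if r["TargetUserName"].lower() == acct
            and r["EventID"] in ("4624", "4625")
            and r["WorkstationName"].upper() not in ok]

def usual_users(rows, exclude):
    """Map workstation -> Counter of other accounts that logged on there."""
    seen = defaultdict(Counter)
    for r in rows:
        user = r["TargetUserName"].lower()
        if r["EventID"] == "4624" and user != exclude.lower():
            seen[r["WorkstationName"].upper()][user] += 1
    return seen

def report(csv_text, account, allowed):
    """List (time, workstation, result, most frequent other user there)."""
    rows = list(csv.DictReader(io.StringIO(csv_text)))
    others = usual_users(rows, account)
    out = []
    for r in off_host_logons(rows, account, allowed):
        ws = r["WorkstationName"].upper()
        result = "success" if r["EventID"] == "4624" else "failure"
        out.append((r["TimeCreated"], ws, result, others[ws].most_common(1)))
    return out

if __name__ == "__main__":
    for entry in report(SAMPLE, "jsmith", ["WS-014"]):
        print(entry)
```

The last field of each entry names the account that normally logs on at the offending workstation, which is the lead to follow up; it is an indicator, not proof of who was at the keyboard.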

        • #5
          Re: Cracking a domain non-admin password

          StillAsleep:

          I believe thewomble was trying to determine how a user could crack another user's password on their domain account (not a local account). So the trick is finding the hash of the cached credentials. If you look at that Google link I posted earlier and examine the top pick or so, there are clues on how to do this. Once you have the hash, there are many ways to attempt to crack it. Sounds like you have some experience there.
          Cheers,

          Rick


          • #6
            Experienced woman *sigh*

            Unfortunately,

            I was hastily indoctrinated into the world of hash and crack last week. I will never be the same innocent young admin again, dang you WEBSERVER!!!

            What should have been the frightening piece of the whole ordeal was that I came across several M$ publications alluding to how "easy" it is to hack the SAM -- provided you have access to said SAM.

            In my self-induced panic to break the local admin password on my server, all I could think was, "Thank the GODS they built this heretofore 'undocumented feature' into the product! YAY!!! Continued employment!!"

            There's many ways to get there, my friend, many ways.

            StillAsleep Stacy ; D
            It's not what you know, it who's on your IM list.

            • #7
              Sneaking up on the co-workers

              You are sooo correct rvalstar! That link just sez it all!! No more secrets... wasn't that the password at the end of "SNEAKERS"?

              The rising tide lifts all knowledge bases, they say!

              On another note, domain passwords are super-easy to social engineer out of anyone these days.

              WIRED got it right methinks.

              Heck, that's if the user didn't write it down and leave it by the computer! How many times has anyone just looked under the mousepad/keyboard for the little sticky note with all the passwords at a user's desk?

              UGH, no challenge even!

              A little more sophistication in an S/E scenario would be the keystroke logging program. That would require console access to the target puter tho. Does the proposed perp have deskside access?

              Uhm, just rolling this around in the noggin, has the "wronged user" been asked if they gave their password out to anyone else at work or wrote it down anywhere?

              And, take it from me, ask that question a few times. By the third interrogation, er, time you question them, they usually 'fess up to SOME breach of security.



              Or you could just lock down the AD account to accept that logon from one computer only and go have yourself a Sonic cherry Dr Pepper soda pop!

              StillAsleep Stacy
              It's not what you know, it who's on your IM list.
