Network Exploit

little_drive

Hello,

I got a network and somebody broke into it. The person that broke into my network had physical access to it. But I am sure the person didn't have admin rights. The passwords on my network are stored on a computer that the person that broke into my network didn't have access to.

- I install latest updates
- The account the person could use couldn't execute any files. (.exe)
- However it could start batch files.
- Got antivirus scan.
- No virus/spyware/keyloggers or something.

Now I got the following questions.

- How did the person know which computer has all the passwords stored in it?
- How did he copy those files? (SAM and System)

I tried to redo his actions so I know how he did that and secure my network.

- I tried on one of those computers that didn't have the password files stored in it.

- Bootdisk (method; start a bootdisk and copy the SAM and System files, it failed)
- www.loginrecovery.com (method; it failed cause the passwords aren't stored in it)
- Started Knoppix, but couldn't copy the SAM and System files

Those are all the SAM and System files on the local computer so this couldn't be the way the person could have broken into my network.

- How did he find the computer with the passwords stored in it?

The network operating systems are all the same: Windows XP Professional with the latest updates.

Greetz Little drive
 
Are you sure this person did not simply guess (or know) the correct password to that machine? You say he had physical access, so perhaps it's someone close to you, someone you wouldn't necessarily expect...?
 
Could be any number of ways. If he cracked the local SAM and the admin passwords are the same between machines, then he may have gone in that way.

Why did the bootdisk method fail? Last time I tested a physical-access exploit, a regular ol' DOS boot disc with NTFSDOS on it worked fine.

That was how I convinced the admin to a) use stronger passwords than his daughter's puppy's name and b) lock the BIOS, keeping a) in mind.
 
Well, the bootdisk method failed because I am definitely sure that the person couldn't have physical access to the machine that has all the passwords stored in it, so how could he get those passwords when they're stored on another machine? He/she didn't even know which machine.

And no, the passwords that I use can't be easily guessed because it's mostly some kind of random thing, but there is something logical in it. But only I know the logic.

Main question:

How could a person that has physical access to a computer that doesn't have all the passwords stored in it get the passwords from a computer? (The person doesn't know which one of them has all the passwords and he/she has no physical access to the computer where all the passwords are stored.)

Greetz Little
 
It's good to have a little knowledge of hacking.

There are many programs in circulation where a person simply has to put in a bootable CD of a program and it will grab all the passwords on a computer for admins, users etc. or across a network in your case.

Also some programs go round which will completely hide your computer, the S-I-D, MAC Address, I.P Address, making you virtually invisible to the internet/networks.
 
Could you please tell me a program that can grab all the passwords from my network? So I can see if it actually works in this case.

Greetz Little drive
 
Unfortunately mate, no I can't and if I had them no I won't as the one I had was illegal so distributing it would/could get me fined/arrested/kicked in the face.

Sorry mate
 
No problem, I just should find them myself ^.^.

Few questions:

- Could you give a name so I know where to start?
- Is it possible with one of the Knoppix distributions or Emergency Bootdisk versions to get passwords in a network? (If yes, could you please specify which distribution of Knoppix?)

You helped me a lot thanks

Greetz Little drive
 
Once again I can't give you a name; I don't want to get involved in it personally. Sorry. And I have no idea as to if you can or not (that I could have told you lol).

I will give you one tip: The software I had is now extremely hard to find due to the fact that the company was shut down because of the type of software it was making, 99% of all download links are removed, but good luck anyway ~^_^~
 
I did warn you mate, the tools you are looking for are very hard to find. Of course you can always buy password recovery tools, but they're not the same thing; you need to have physical access to the computer and be logged onto it.
Sorry I can't help mate
 
It would help to know what kind of network you're talking about. If you've got servers, their OS and their base configuration... are you using logon scripts, enforcing policies, etc.
 