Cracking Windows NT/2000 Passwords Using L0phtCrack (cont.)
¨
¨Boot system from a Linux or DOS floppy disk and retrieve SAM database at %systemroot%\system32\config
–Since DOS cannot read NTFS partition, attacker can use NTFSDOS program http://packetstorm.securify.com/NT/hack/ntfsdos.zip to access SAM database
–To access NT and 2000 passwords from Linux boot disk http://home.eunet.no/~pnordahl/ntpasswd/bootdisk.html
¨Use L0phtCrack’s SMB Packet Capture tool to sniff a user’s password off of the network
¨
¨