Cracking Windows NT/2000 Passwords Using L0phtCrack (cont.)
• Boot the system from a Linux or DOS floppy disk and retrieve the SAM database at %systemroot%\system32\config
  – Since DOS cannot read NTFS partitions, the attacker can use the NTFSDOS program (http://packetstorm.securify.com/NT/hack/ntfsdos.zip) to access the SAM database
  – To access NT and 2000 passwords from a Linux boot disk: http://home.eunet.no/~pnordahl/ntpasswd/bootdisk.html
• Use L0phtCrack’s SMB Packet Capture tool to sniff a user’s password off of the network