name of password file - Microsoft Windows


Thread: name of password file

  1. name of password file

    VC> Only root can cat the file. Access rights on /etc/shadow are
    VC> rw------- root root, i.e. no user is allowed to read the file.
    VC>
    VC> There are more probabilities to crack the password file on
    VC> Windows because there are many more chances that a user
    VC> also has administrative privileges; the rights of the first - and
    VC> generally unique - user on a Windows machine in Workgroup
    VC> mode defaults to admin. Hence brute force against local
    VC> passwords is more likely to succeed on a Windows
    VC> workstation than on *NIX machine, on which it's bound to
    VC> fail by default.

    Your argument is based upon the false assumption that Windows NT has
    the same root-versus-everyone-else dichotomy that Unix and Linux
    have. That is false. Being a member of the administrators group does
    not grant a user access to the SAM database, which can only be
    accessed by the Local System user account. In fact, administrators
    have to make use of a privilege escalation exploit in order to
    directly access the SAM database.


  2. Re: name of password file

    J de Boyne Pollard wrote:

    > VC> There are more probabilities to crack the password file on
    > VC> Windows because there are many more chances that a user
    > VC> also has administrative privileges; [...]
    >
    > Your argument is based upon the false assumption that Windows NT has
    > the same root-versus-everyone-else dichotomy that Unix and Linux
    > have. That is false. Being a member of the administrators group does
    > not grant a user access to the SAM database, which can only be
    > accessed by the Local System user account. In fact, administrators
    > have to make use of a privilege escalation exploit in order to
    > directly access the SAM database.


    Your argumentation is based on the false assumption I meant "crackable
    directly by a user who has administrative rights". Although I never
    mentioned how to do that, you're not required to use privilege escalation.

    Just an example: a user who has administrative rights can control (almost)
    any service, including Task Scheduler, which runs under the SYSTEM account.
    Run the "at" command with a batch that will brute force the sam and you're
    done.

    That's how I once gained access to a folder although I was denied access
    using Administrator... No privilege escalation, just use a design flaw. And
    this still seems true with Windows 2000 and 2003 (although I haven't tried
    yet).

    You'd object under Ubuntu, which I completely agree with, a default user can
    run administrative commands using "sudo" without being prompted without a
    password. That's perfectly true and I dislike that principle quite a lot.

    However using sudo without a password is the result of a (poor)
    configuration setting. I know no such control over the Task Scheduler under
    Windows.

    And, please, never make assumptions on anybody's assumptions...

    --

    Vince C.

  3. Re: name of password file

    On 2007-10-16, Vince C. wrote:

    > You'd object under Ubuntu, which I completely agree with, a default user can
    > run administrative commands using "sudo" without being prompted without a
    > password. That's perfectly true and I dislike that principle quite a lot.
    >
    > However using sudo without a password is the result of a (poor)
    > configuration setting.


    And trivially fixed with visudo.

    --

    John (john@os2.dhs.org)
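An added example, not part of any post in this thread: a defender's audit of the two Unix-side settings discussed above, passwordless sudo rules and read access to the shadow file. The function names and the sample sudoers content are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): defensive audit helpers.

# find_nopasswd FILE
# Print every active sudoers rule in FILE that carries the NOPASSWD tag.
# Joins backslash-continued lines, drops comments, and keeps "#1001"-style
# uid entries, which sudoers treats as rules rather than comments.
find_nopasswd() {
    awk '
        /\\$/ { sub(/\\$/, ""); buf = buf $0; next }   # continuation line
        {
            line = buf $0; buf = ""
            if (line ~ /^[ \t]*#([^0-9]|$)/) next       # whole-line comment
            sub(/[ \t]+#([^0-9].*)?$/, "", line)        # trailing comment
            if (line ~ /NOPASSWD[ \t]*:/) {
                gsub(/[ \t]+/, " ", line); sub(/^ /, "", line)
                print line
            }
        }
    ' "$1"
}

# world_access FILE
# Print the "other" permission triplet of FILE ("---" means no access
# for users who are neither the owner nor in the owning group).
world_access() {
    ls -ldn -- "$1" | cut -c8-10
}

# sample_sudoers: constructed sudoers content for trying find_nopasswd.
sample_sudoers() {
    cat <<'EOF'
# Constructed sample, not taken from a real system
root    ALL=(ALL:ALL) ALL
%sudo   ALL=(ALL:ALL) ALL
# %wheel ALL=(ALL) NOPASSWD: ALL
deploy  ALL=(root) \
        NOPASSWD: /usr/bin/systemctl restart app
#1001   ALL=(ALL) NOPASSWD: ALL
alice   ALL=(ALL) ALL   # NOPASSWD: removed
EOF
}
```

Run as root, `find_nopasswd /etc/sudoers` lists the rules to review in visudo, and `world_access /etc/shadow` should print `---`.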

  4. name of password file

    VC> There are more probabilities to crack the password file on
    VC> Windows because there are many more chances that a user
    VC> also has administrative privileges; [...]

    JdeBP> Your argument is based upon the false assumption that
    JdeBP> Windows NT has the same root-versus-everyone-else
    JdeBP> dichotomy that Unix and Linux have. That is false. Being
    JdeBP> a member of the administrators group does not grant a
    JdeBP> user access to the SAM database, which can only be
    JdeBP> accessed by the Local System user account. In fact,
    JdeBP> administrators have to make use of a privilege escalation
    JdeBP> exploit in order to directly access the SAM database.

    VC> Your argumentation is based on the false assumption I meant
    VC> "crackable directly by a user who has administrative rights".

    It wasn't an assumption. It was what you explicitly wrote.

    VC> Just an example: a user who has administrative rights can
    VC> control (almost) any service, including Task Scheduler, which
    VC> runs under the SYSTEM account. Run the "at" command
    VC> with a batch that will brute force the sam and you're done.
    VC>
    VC> That's how I once gained access to a folder although I was
    VC> denied access using Administrator... No privilege escalation,
    VC> just use a design flaw.

    Wrong. It _is_ a privilege escalation exploit. Indeed, it is the
    very privilege escalation exploit that I was alluding to. Task
    Scheduler was redesigned in Windows NT version 6 in order to remove
    it.




  5. Re: name of password file

    "J de Boyne Pollard" wrote in message
    news: 1192618740.818547.304250@v23g2000prn.googlegroups. com...
    > VC> There are more probabilities to crack the password file on
    > VC> Windows because there are many more chances that a user
    > VC> also has administrative privileges; [...]
    >
    > JdeBP> Your argument is based upon the false assumption that
    > JdeBP> Windows NT has the same root-versus-everyone-else
    > JdeBP> dichotomy that Unix and Linux have. That is false. Being
    > JdeBP> a member of the administrators group does not grant a
    > JdeBP> user access to the SAM database, which can only be
    > JdeBP> accessed by the Local System user account. In fact,
    > JdeBP> administrators have to make use of a privilege escalation
    > JdeBP> exploit in order to directly access the SAM database.
    >
    > VC> Your argumentation is based on the false assumption I meant
    > VC> "crackable directly by a user who has administrative rights".
    >
    > It wasn't an assumption. It was what you explicitly wrote.


    No.


    > VC> Just an example: a user who has administrative rights can
    > VC> control (almost) any service, including Task Scheduler, which
    > VC> runs under the SYSTEM account. Run the "at" command
    > VC> with a batch that will brute force the sam and you're done.
    > VC>
    > VC> That's how I once gained access to a folder although I was
    > VC> denied access using Administrator... No privilege escalation,
    > VC> just use a design flaw.
    >
    > [...] It _is_ a privilege escalation exploit.


    A privilege escalation based upon a design flaw, let's face the truth.
    Besides both expressions ("Design flaw" and "Privilege escalation") are not
    mutually exclusive.

    We don't seem to have the same conception on that particular topic, I reckon.
    Let's then close that chapter at this point, if you don't mind, since it's
    mostly off-topic.

    Vince C.



  6. name of password file

    VC> There are more probabilities to crack the password file on
    VC> Windows because there are many more chances that a user
    VC> also has administrative privileges; [...]

    JdeBP> Your argument is based upon the false assumption that
    JdeBP> Windows NT has the same root-versus-everyone-else
    JdeBP> dichotomy that Unix and Linux have. That is false. Being
    JdeBP> a member of the administrators group does not grant a
    JdeBP> user access to the SAM database, which can only be
    JdeBP> accessed by the Local System user account. In fact,
    JdeBP> administrators have to make use of a privilege escalation
    JdeBP> exploit in order to directly access the SAM database.

    VC> Your argumentation is based on the false assumption I meant
    VC> "crackable directly by a user who has administrative rights".

    JdeBP> It wasn't an assumption. It was what you explicitly wrote.

    VC> No.

    Your denial is belied by the message that you actually wrote.

    VC> Just an example: a user who has administrative rights can
    VC> control (almost) any service, including Task Scheduler, which
    VC> runs under the SYSTEM account. Run the "at" command
    VC> with a batch that will brute force the sam and you're done.
    VC>
    VC> That's how I once gained access to a folder although I was
    VC> denied access using Administrator... No privilege escalation,
    VC> just use a design flaw.

    JdeBP> Wrong. It _is_ a privilege escalation exploit. Indeed, it
    JdeBP> is the very privilege escalation exploit that I was alluding
    JdeBP> to. [...]

    VC> A privilege escalation based upon a design flaw, let's face
    VC> the truth. Besides both expressions ("Design flaw" and
    VC> "Privilege escalation") are not mutually exclusive.

    No-one said that they were. You, however, were asserting that it was
    not a privilege escalation exploit. You are now agreeing that it is.


  7. Re: name of password file

    J de Boyne Pollard wrote:

    > Assumptions over assumptions about what he knows better than me about what

    I was writing or trying to express.

    Man, you should probably relax and contact a good psychiatric doctor for you
    seem to prove excellence in inducing to me what you think I was actually
    writing. I don't know if you have a psychology degree or whatever but I
    hate the solemn tone you took to try convincing me on what I did write or
    not.

    Read this, I mean carefully:

    I and only *I* know - mind you - far much better than your own self what *I*
    am/was going to express and have been expressing. Your words are closest to
    judgment than to open-minded criticism. If you can't tolerate in an
    open-minded fashion that the posters might disagree with your
    interpretation of their own words, there's nothing I or anybody else can do
    for you.

    Instead of arguing on what I have expressed or not you should have re-read
    and allowed yourself to question on whether you really understood. That is
    to say allow for doubt somewhere and allow yourself to be wrong.

    And I repeat: you are, without any known, accurate, contextual reference in
    the situations I reported, unable nor allowed to take any position to think
    better than my brain the relations between the sentences that I posted in
    my messages. Am I making it clear?

    Instead of attacking people like you did on me - something makes me think I
    can be almost certain I'm not the first one you fire with such arrogant
    sentences - you might get better social relationships trying to refrain
    from thinking you know better than the others what they said or wrote.

    In less words: you should try humility. You'll see, that helps much more.

    Also: read more than once and allow others to disagree with you. You are not
    the only one person on earth who thinks he's right, I'm afraid (don't
    worry, I'm not talking about myself). Doubt always has a chance to make
    people better. Undenied certainty won't get you anywhere but into trolling.
    If you can't make any constructive criticism, you'd better get off forums
    at all.

    So long.

    --

    Vince C.

  8. name of password file

    VC> J de Boyne Pollard wrote
    VC> Assumptions over assumptions about what he knows better than
    VC> me about what I was writing or trying to express.

    Wrong. Your repeated lengthy denial on this subject is belied by
    _what you actually wrote_. Go and read it.

    VC> Instead of attacking people like you did on me [...]

    No-one has attacked you. No-one has said anything about _you_ at
    all. Everyone else has addressed your argument and the subject at
    hand. You have attacked others, though. This is Unmistakable Mark
    #2. Here are two such attacks, for example:

    VC> Man, you should probably relax and contact a good psychiatric
    VC> doctor [...]
    VC> [...] arrogant sentences - you might get better social
    VC> relationships [...]

    Those are Unmistakable Mark #5, by the way.

    And here, from someone who just wrote about others not knowing what xe
    thinks, is irony:

    VC> [...] thinking you know better than [...]

    A general rule on Usenet is that anyone who, in a technical
    discussion, posts about the poster rather than about the subject,
    and starts talking about doctors and implying motives on the part of
    other people (e.g. "You think that you are..."), has no technical
    contributions to make and has lost any arguments.
