Re: LM Hashes and NTLM Hashes with Windows Server 2003
The Escalation didn't work. I tried for both of the *_SUSY users. The IUSR_SUSY was the one I logged into as, and I was able to escalate using chntpw or whatever it's called, but when I logged into the server, I was still an unprivileged user.
For IWAM_SUSY, it failed, couldn't find the registry key or something.
What's odd now, when I log in as IUSR_SUSY, I can run net user and see all the users. There's 11. Cinder45 is listed, but no Administrator (although there's an Administrator account listed in BOTH Ophcrack and ntchpw). There's no Administrator user listed under Active Directory Users and Accounts. But there's Cinder45, and that's the username I was told to use originally, but the password doesn't work, and when I run OphCrack or chntpw, it doesn't list Cinder45.
It shows this PC is the actual domain controller. It's susy.data.local or data.susy.local. The accounts must be stored in some other place besides the SAM, but where? And what do I use to change them? I can log in with the F8 trick as Administrator, just fine. The sarvy.exe program or whatever it's called has been failing, saying there's unknown user (it's just running the net user Administrator <new password> command. I tried with and without the /domain.
So maybe I should change it to net user Cinder45 and see what happens?
The Escalation didn't work. I tried for both of the *_SUSY users. The IUSR_SUSY was the one I logged into as, and I was able to escalate using chntpw or whatever it's called, but when I logged into the server, I was still an unprivileged user.
For IWAM_SUSY, it failed, couldn't find the registry key or something.
What's odd now, when I log in as IUSR_SUSY, I can run net user and see all the users. There's 11. Cinder45 is listed, but no Administrator (although there's an Administrator account listed in BOTH Ophcrack and ntchpw). There's no Administrator user listed under Active Directory Users and Accounts. But there's Cinder45, and that's the username I was told to use originally, but the password doesn't work, and when I run OphCrack or chntpw, it doesn't list Cinder45.
It shows this PC is the actual domain controller. It's susy.data.local or data.susy.local. The accounts must be stored in some other place besides the SAM, but where? And what do I use to change them? I can log in with the F8 trick as Administrator, just fine. The sarvy.exe program or whatever it's called has been failing, saying there's unknown user (it's just running the net user Administrator <new password> command. I tried with and without the /domain.
So maybe I should change it to net user Cinder45 and see what happens?
Comment