The Ethical Hacker Network - Video: MS SQL Preauth Attack, Pwdump and John the Ripper

Latest Additions

EH-Net Login

Welcome Guest.

Lost Password?

No account yet? Register

Who's Online
We have 47 guests and 2 members online

EH-Net News Feeds
Latest Additions

You are here: Home

Columns

Gates

Video: MS SQL Preauth Attack, Pwdump and John the Ripper

del.icio.us

Discuss in Forums

(8)

Follow along as we perform the following hack:

Exploit of the MSSQL 2000 Hello Buffer Overflow using the C port of the MSF module mssql2000_preauthentication.pm (thanks MC!)
Add a user to the local administrators group
Use pwdump3e to connect to the host with our administrative level credentials
Dump the SAM hashes
Crack them using John the Ripper

Enjoy and keep an eye out for future videos. Feel free to post comments and suggestions for future videos.

Thanks,
Chris Gates

< Prev		Next >

[ Back ]

Global Knowledge Training: Build Security Skills to Protect and Defend

Offensive Security
AWE Live in the Caribbean!
March 5 - 9, 2012

SANS Deals 4 EH-Netters
$150 OFF Any SANS Course in Any Format! Coupon Code: Refer_EHN Including SANS Phoenix 2012, SANS 2012

Recent Forum Topics

Calendar Of Events : ROOTCON 6 (0) by don
Links to cool sites. : The InterN0T Forums are back! (13) by vp75
Network Pen Testing : Where and how to gain knowledge? (25) by pharmerjoe
Security : Overview of New CISSP Domains Effective January 1, 2012 (1) by shaqazoolu
Network Pen Testing : Packet Capture on Cisco Router (1) by 3xban
News from the Outside World : VeriSign Hacked Several Times, Won't Reveal the Details (0) by don
Web Applications : Some questions as usual ? (1) by dynamik
Calendar Of Events : CarolinaCon 8 (1) by SephStorm
Links to cool sites. : IRC Channels (11) by Jamie.R
Network Pen Testing : choice of university (0) by pushaaaz
Hadnagy : [Article]-Top 5 Tips To Make Social Engineering Your Career (9) by lorddicranius
Forensics : Printer history (4) by TheInvisible
OSCP - Offensive Security Certified Professional : Hardware for OSCP (3) by j0rDy
Calendar Of Events : WorldToor (0) by don
Calendar Of Events : ToorCamp 2012 (0) by don
Calendar Of Events : HOPE Number Nine (0) by don
News Items and General Discussion About EH-Net : [Article]-February 2012 Free Giveaway Sponsor - Global Knowledge (3) by 3xban
Programming : Open source security projects to participate in? (7) by 3xban
Compliance, Regulations & Standards : InfoSec Clauses to be included in SLAs (1) by dynamik
Tools : Combining Wordlists (4) by Jamie.R
Calendar Of Events : BSidesSanFrancisco 2012 (2) by lorddicranius
Calendar Of Events : DEF CON 20 (1) by dynamik
Calendar Of Events : DerbyCon 2.0 - The Reunion (1) by dynamik
Calendar Of Events : SecureWorld Expo Boston 2012 (0) by don
Looking For Work : looking for a summerjob (0) by pushaaaz
Calendar Of Events : HITBSecConf 2012 - Amsterdam (0) by don
Calendar Of Events : OWASP AppSec DC 2012 (0) by don
Calendar Of Events : OWASP AppSec Research 2012 (0) by don
Calendar Of Events : OWASP AppSec Asia 2012 (0) by don
Web Applications : Please help me with PHP injection(Some command not working) (11) by MaXe
Book Reviews : Recomended book for Pen Tester (29) by MaXe
Calendar Of Events : BSidesChicago 2012 (0) by don
General Certification : Is it true? (5) by dynamik
Calendar Of Events : BSidesLondon 2012 (0) by don
Calendar Of Events : BSidesIowa 2012 (0) by don
Calendar Of Events : BSidesPHX 2012 (0) by don
Calendar Of Events : Notacon 9 (0) by don
Network Pen Testing : Capture the Flag competitions (14) by seanuk
Tutorials : Securitytube Metasploit videos (11) by Jamie.R
Security : SANS security courses too expensive? (15) by lorddicranius
Programming : Joe McCray Python for Security Professionals (6) by lorddicranius
Calendar Of Events : RSA Conference 2012 (1) by don
Network Pen Testing : SEC709: Developing Exploits for Penetration Testers and Security Researchers (2) by pharmerjoe
Other : You... Shmoo? (Meet-up Thread) (7) by tturner
Web Applications : Best tools for non-intrusive scans (16) by eyenit0
Looking For Work : Help me with my Resume (4) by dear_hacker
Other : Third party VPN services question? (8) by dynamik
Social Engineering : Email engineering (10) by nytfox
Web Applications : How to test if website is writable (13) by nytfox
Web Applications : Red flags for a website's security? (7) by nytfox

Try CBT Nuggets Free!