You Already Have Admin, Dumbass
By Daniel Miessler on September 28th, 2007: Tagged as Information Security | Pentesting | Vulnerability Assessment
There’s an old saying in Tennessee — I know it’s in Texas, probably in Tennessee — that says, fool me once, shame on — shame on you. Fool me — you can’t get fooled again.” —President George W. Bush, Nashville, Tenn., Sept. 17, 2002
Nothing is more lame than trying to pull Windows hashes off a system in order to break the administrator account’s password when you are on the system because the admin password was blank.
Well, that’s actually not true. There’s one thing that’s more lame, and that’s doing it more than once.
Here’s my list of systems that I have admin access to, let me pull the hashes from this one that was wide open…la la la…pullng them….breaking them…admin password? Blank! Blank? Well what the hell does that get me? Ah, shit, I did it again…
Retardo the Destructor.
--
Perhaps there’s context that you didn’t provide, but I can think of several ways to have admin access to a box without knowing that the admin password is blank.
Comment by Zhasper — 9/30/2007 @ 9:15 am
True, but in this case I did know, but forgot.
Comment by Daniel Miessler — 9/30/2007 @ 9:23 am
Wait, this was you???
Bwahahahahahahaha… I thought you were quoting some random from Teh Intarwebs… I just assumed you wouldn’t do this yourself :)
Comment by Zhasper — 10/1/2007 @ 7:11 pm