Pantek Library
Hosting Provided By
CybrHost
High Speed Hosting
Mailing Lists: securityfocus.com > pen-test > 03 > 040596.html (Request Expert securityfocus.com Support)

Re: LC4 (L0phtCrack) error "Couldn't open SAM\Domains\Account\Users in SAM file. Possibly improper format."

From: Chris McNab <chris.mcnab(at)trustmatta.com>
Date: Thu Apr 17 2003 - 13:42:46 EDT


Hey,

I am aware that in the UK at least, Ministry of Defence (MOD) and other government systems holding classified or restricted data often run NTSE (NT Secure Edition), which apparently is a government build of NT that doesn't use the standard SAM cryptographic format, and has been quoted as 'not vulnerable to L0phtCrack attacks' as the RC4-based stuff is. I can't find any reference to the CESG (UK government Communications and Electronic Security Group) NTSE build details on the web, so can't dig up any supporting evidence right now.

Are these government or corporate systems that are supposed to be hardened in this fashion? If not, have you tried using the pwdump3.exe command-line tool to extract the hashes into an ASCII text file, then transport them?

Regards,

Chris

-----Original Message-----
From: flexicon33@yahoo.com [mailto:flexicon33@yahoo.com] Sent: Wednesday, April 16, 2003 2:25 PM
To: pen-test@securityfocus.com
Subject: LC4 (L0phtCrack) error "Couldn't open SAM\Domains\Account\Users in SAM file. Possibly improper format."

Hi,
I'm trying to import some SAM files into LC4, and for some reason LC4 doesn't like the format. I get the above error for any of 5 SAM files I'm trying.

For a pen test, I got these sam files by senging a 'tptp put' command to the SQL server (had no 'sa' password) so the SAM files were sent to my tftp server. There were 5 of these servers, so I got 5 SAM files to try. LC4 doesn't like any of them.

Do you need help?X

However, LC4 works for other SAM files... I tested with my own SAM file (w2k) and also another I downloaded from a machine via an http exploit... LC4 had no problems opening those 2 and working on them.

Why does LC4 complain about these other SAM files? Does some other sam format exist or did they get mangled somehow? Thanks...
Flexicon33, CISSP

Chris McNab
Technical Director

Matta Security Limited
18 Noel Street
London W1F 8GN

Tel: 0870 077 1100
Mob: 0788 626 0878

This e-mail was sent from Matta Security Limited. The information contained in this message is confidential, may be privileged, and is intended for the addressee(s) only. If you have received this message in error please notify the originator immediately. The unauthorised use, disclosure, copying or alteration of this message is strictly forbidden. Matta Security Limited does not warrant that any attachments are free from viruses or other defects. Matta Security Limited will not be liable for direct, special, indirect or consequential damages arising from alteration of the contents of this message by a third party or as a result of any virus being passed on.


Attend Black Hat Briefings & Training Europe, May 12-15 in Amsterdam, the world's premier event for IT and network security experts. The two-day Training features 6 hand-on courses on May 12-13 taught by professionals. The two-day Briefings on May 14-15 features 24 top speakers with no vendor sales pitches. Deadline for the best rates is April 25. Register today to ensure your place. http://www.securityfocus.com/BlackHat-pen-test
Received on Thu Apr 17 15:40:42 2003

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:02:35 EDT

Contact Us  Legal Notices  Order Services Online 
Pantek Home  Privacy Policy  IT news  Site Map  Pantek Library