Password Harvesting

Posted by ghimau under
Hihihi.. I was trying testing a server which holds the username and password for all the employees. Try to guess what server it is?

I got the administrators password by doing some sort of social engineering called shoulder surfing. Never thought it was so easy.. hihihi

Then trying to dump the password hashes remotely from my computer, but did'nt get any result... I wonder why.. so I do a little auditing and found that the remote registry service is disabled on the target machine.

Having admin access to that machine is like winning a RM 10,000 lottery. I disabled the infamous china bear anti virus services (because this anti virus block my process of dumping the password hashes) - guess aunty virus will certainly know the 'china bear' hihihi.

Using the fgdump utility, i managed to get all the users passwords.. oh my god.. there's 3228 users..

Actually I'm just doing a POC on password handling.. Remember, password is like a toothbrush, never share it with others :)


On 17 September 2007 at 14:09 , ct_ramlah said...

usen ajar aku gaks....

On 17 September 2007 at 14:20 , yan said...

ya ilmu klu bawak mati rugi....klu d kebangkan menjadi2 kembang semagkuknya

On 18 September 2007 at 07:29 , ghimau said...

ct.. leh ajer nak ajar ko.. insya allah tada hal punya.. ko tgk yan skang ni.. dah bertambah kembang hasil dari ilmu yang dikembangkan :P

On 19 September 2007 at 08:35 , ghimau said...

Hmm.. aku ada plan nak buat web site personal ni.. ingat dlm tu nak letak tutorial2 security dlm bahasa melayu..