[foofus-tools] pwdump6

Keith Morrell keith.morrell at optusnet.com.au
Tue May 25 13:32:40 PDT 2010

Just a thoguht...I am looking soley at AD (Domain) accounts, not local
accounts...so any registry based stuff would not work for me....




From: Johny Death [mailto:johnydeath at hotmail.com] 
Sent: Tuesday, 25 May 2010 10:15 PM
To: fizzgig at foofus.net
Cc: foofus-tools at lists.foofus.net
Subject: Re: [foofus-tools] pwdump6


Hi Guys,

just arrived in the middle of the thread and it's very interesting stuff - I
see Keith has success now which is great.

I'd like to get current opinions regarding best methodology of hash dumping
- my last encounter which was several months ago and ended with the DC
dropping because of McAfee - yes I've seen the warnings... afterwards.

Will ver3.0 alpha (and production) negate the need to turn off the AV, or
would it still be considered better to get the AV disabled for the period of
the audit/test?  If this is the case and if part of a pentest, then an
agreement would have to be made between customer and tester like 'well I
believe I can achieve a hash dump, but a) do you want me to prove it, and b)
if you do, then what do you want to do to manage the risk'. 

I read a while ago that Metasploit uses a 'safe' technique now?

What does the floor think?

Keep up the good work - it's greatly appreciated



Get a free e-mail account with Hotmail. Sign-up
<http://clk.atdmt.com/UKM/go/197222280/direct/01/>  now.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.foofus.net/pipermail/foofus-tools-foofus.net/attachments/20100526/1ee58617/attachment-0004.htm>

More information about the foofus-tools mailing list