The Hack FAQ

14.0 NT Console Attacks

This section deals with attacking at the NT Console.

14.1 What does direct console access for NT get me?

First off, a number of NT client attacks may not work if your target system does not allow logins except at the console. Any brute force attack will obviously work much quicker if you are not going across the network.

14.2 What about NT's file system?

Obviously gaining access to the file system from the console is much easier than across a network, especially if the Sys Admin is trying to keep you out.

Try booting up the system from an MS-DOS diskette, and running NTFSDOS.EXE to access the NTFS file system. Currently this software is read only, so it is only good for getting copies of existing data. Linux is another OS that will read an NTFS file system, but "simply loading Linux" on a "spare partition" is usually impractical, and hardly simple if you are not familiar with it. See the question regarding recovering a lost NT password that uses Linux in the recovery process. I mean, if you log in as Administrator then you definitely have access to the file system ;-).

14.3 What is Netmon and why do I care?

NetMon is Microsoft's Network Monitor. It is a sniffer that runs under NT, and being a sniffer if you have to ask why you care, well, never mind ;-)

NetMon is protected by a password scheme on version 3.51 that has nothing to do with regular NT security. In Phrack 48 file 15, AON and daemon9 have not only cracked the encryption scheme, they have written exploits for it as well. Check the resources section for the location of the exploit code (it includes full source including a Unix version in case you do not have an NT compiler).

By the way, compared to other commercial sniffers, this early version of NetMon sucks. It would only look at traffic to and from the machine you are running it on. However, newer versions of NetMon supposedly do actual promiscuous sniffing and is a more useful tool. I have not seen this new NetMon but others report good things about it.

Top | Next: NT Client Attacks | Previous: NT Passwords | Table of Contents