To get around the risk of crashing LSASS, I'd perform a Windows backup of
the Windows directory and look for the backup SAM file in the Windows/Repair
folder.
As seems to be expected on mailing lists, here's a link:
http://www.infowar.com/forums/showthread.php?threadid=6886
Enjoy.
Isaac Van Name
Systems Administrator
Southerland, Inc.
ivanname@southerlandsleep.com
"What good would you do with an ignorant employee? Ignorance is grounds for
dismissal..." - Mario Spinthiras
Open Source developing at its finest:
"Written in vim, W3C valid and UTF-8 encoded, for her pleasure."
Disclaimer: This email is intended only to be used to feign intellectual
mastery of a subject or superhuman command of the English language, when
profanity is involved. By reading this email, you are agreeing to cease all
correspondence with the sender upon realizing your own ignorance, and
furthermore to refrain from taking legal action against said sender when
your compounding ignorance crushes your inadequate self-esteem. Have a nice
day.
Original> -----Original Message-----
Original> From: listbounce@securityfocus.com
[mailto:listbounce@securityfocus.com]
Original> On Behalf Of xelerated
Original> Sent: Monday, October 23, 2006 7:01 AM
Original> To: pen-test@securityfocus.com
Original> Subject: Password audits
Original>
Original> I have been given the task of doing a password audit.
Original> No problem, except I can use pwdump for the slight risk of
Original> having to reboot a DC.
Original>
Original> I know there are many ways to get a pw dump from a DC but my
question
Original> is this.
Original> What is the safest way to get that, so that you dont risk having a
DC
Original> need to reboot
Original> or have to install software on the DC?
Original>
Original> In the past I have used pwdump, different versions, and usually i
Original> didnt have to reboot the box, but there was that rare occasion
that
Original> that it made lsass puke and had to be rebooted.
Original>
Original> Thanks in advance for your input.
Original>
Original> Chris
Original>
Original>
------------------------------------------------------------------------
Original> This List Sponsored by: Cenzic
Original>
Original> Need to secure your web apps?
Original> Cenzic Hailstorm finds vulnerabilities fast.
Original> Click the link to buy it, try it or download Hailstorm for FREE.
Original>
http://www.cenzic.com/products_services/download_hailstorm.php?camp
Original> =701600000008bOW
Original>
------------------------------------------------------------------------
Original>
------------------------------------------------------------------------
This List Sponsored by: Cenzic
Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.
http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW
------------------------------------------------------------------------
