• Content count

  • Joined

  • Last visited

Everything posted by ranleyos

  1. So, here's the gig... I have a box that for exploratory purposes, I'd like to acquire the admin's password. I have done this several times before using a combination of tools, knoppix, accessing the sam, cain, etc.. Anyway, nothing seems to be working. The hash seems to be absolutely uncrackable. I haven't done this in a while, and I don't use windows all that often, so I'm wondering if there has been some incredible security update that is new to xp? I've even tried rainbow tables on this bad boy. If I import the pwdump file to cain it indicates that the type is: LM & NTLM. Is this type uncrackable? Should I just throw in the towel? Can anyone offer any insight on some possible steps to try? If someone has a crazy notion to give the hash a try, here it is: (as from the sam file) root:500:30E0C8062F009BAD64434F73F3815A86:039FE7E19C10B4A11D9708422ED74225:Built-in account for administering the computer/domain:: Thanks guys/gals
  2. Ok, so there is the outfit that is trying to scam people all over the place. I used to think that people who fell for these scams deserved to lose their money. But, after thinking about it, that would include most people I know, even my mother. So, in the spirit of helping to distribute karma a little quicker to these people, I am looking for suggestions on how to scam a scammer, or at least mess their day up. All I have is their email address. Any ideas? -R
  3. Man, I feel for you. I'm in the same position wanting to get back at a scammer (as I know they are a scammer, but they do not know that I know it yet). However, realistically, the only thing you can do is waste their time in emails. This can be fun to a certain point, but then it becomes more of a taxation of your time. The FBI won't do CRAP. Don't waste your time. These scammers run free on the internet 24/7 without rules and laws. I just read an interesting post about a guy who was dumb enough to actually wire the scammer $55,000 for a car. The car obviously never arrived. And dude was out a crap ton of money. Anyway, the guy was man enough to write about his own stupidity in hopes to save others. He indicated the he contacted the FBI and other agencies and even had an inside connection inside one of those agencies and they never did a thing. So my suggestion, save your energies on something more positive like warning others about scammers. Trying to get one over on this guy may prove to be an exhaustive waste of your time. But hey, if you so choose to do something, I'm behind you rootin' for you. Peace, R
  4. Come on! Seriously??? I don't agree with that for a second. Admittedly, some people trying to scam a scammer probably shouldn't. Many perhaps, would get too emotionally caught up in it, don't know when to get out, have to high of expectations, or slip up somewhere and divulge private information, etc... Yes, there is a risk in trying to scam a scammer. Which is why I pointed out that I may actually not go through with it. For me personally, it is really more the waste of my time that I'm worried about - not the fear or danger of messing with scammers.
  5. The scams are on various auto sites, claiming to sell cars at rock bottom prices. Its pretty sofisticated actually. They set up a quasi-fake escrow service that seems real enough, only they run it. Their sales are all under $5,000 per case because they know that the Feds, or anyone else pretty much won't touch them for anything under $5000. So, these people run free to scam people. -My plan was to go along with one of their scams to "buddy" up with them, but not sure what I can really do. Well, I can think of a few things. But was looking for some great ideas from the community. Maybe I won't even go thru with it. But if I have time, what the heck.. These people have stolen thousands and thousands of dollars and they aren't even being tracked by law. In one case alone, they stole $55,000 from one dude. -Maybe he wasn't the smartest, but again, their outfit seems really legitimate and seems to lure even the most suspicious people. Any thoughts?
  6. why would you post that? -doesn't make sense...
  7. Anyone know of a good application to scan a domain and export some sort of report with username /machine id? I'm essentially using a ping-based app that is really slow and looking for some suggestions. Thanks
  8. I'd probably look at the Subversion stuff. Basically, you configure a subversion server which will store all your files. But instead of the server "pushing" updates to client pcs, you'd use a subversion client on each pc to "pull" down updates as needed. A different work flow process, so it depends on what you want. Again, the nice thing about Subversion is the version control and authoring locking that it provides to avoid version conflicts and each computer can work with the files independently of one another and then sync as well. Well, whatever you end up with, good luck
  9. My process is this: Rip DVD (if needed) DVDFab or DVDXCopy - Both are good, I use DVDFab as it easily will rip a dvd and also split a large dvd into two separate segments so you could burn a dual-layer 8GB DVD to two single-layer 4.7GB DVDs. The only hang up with ripping DVDs is that the encryption on the DVDs change every so often, so in order to rip dvds you have to download updates to your software every so ofter. Burn Media I personally, use AVI2DVD, which is a free program and it work pretty well for most cases. You could also use an application like Nero (a part of Nero is specifically for creating DVDs Other Options Some dvd players actually support windows media types of formats (*.wma, *.avi) and will play the files if you just burn them as a data DVD. This is a good option if you are looking to simply back up your files form your hard drive. However, this of course, will lack the niceties of having a menu. Another good resource is to look at www.vcdhelp.com. There is an abundant amount of information there. And you can get a good feel for a wide array of software solutions from freeware to commercially available products. Good luck -r
  10. I forgot to mention... Again, depending on your use... You may want to actually consider getting and/or building a NAS for a common share. A few advantages would be: 1 location for the files Use of Raid to safely store your files in the event of hardware meltdown You can also use a NAS for many other things including a media server. You can (very cheaply) build your own NAS as the costs are solely in your hard drive. I've built a NAS before with a P2 400 mHz processor. Just get good drives and good raid controller and your set. Again, this is more for storing files and providing general access to each computer. If you need to "push" the files, you may want to consider rsync as snow said, or you could look at Samba which is cross-platform. Good luck -r
  11. I don't know what you are using this for, but I actually set up a Subversion environment. This helps keep things in sync and it also provides a method for storing versions of the files. Again, this comes in handy for my particular development environment where I am constantly updating files. However, a different solution may be better for you if you are just storing photos or something like that.. -r
  12. Calling all peeps with experience of bypassing or turning off Norton AntiVirus Tamper Protection... This service is not supposed to be able to be stopped by anyone except the person with domain admin rights. Any ideas?
  13. Ok, nevermind.. Definitely a "duh" moment. I thought maybe a non-admin user could do hack this somehow. As it turns out it can either be a domain admin or an admin of the pc. The latter of the two can obviously start/stop services which does the trick. I know it is intended to be a good thing, but to have all that extra "weight" on a developer machine really affects performance if you are trying to work with audio/video.
  14. Well, I'm glad you were able to get it. I've given up on it. I was just checking to see if it was possible.
  15. Absolute craziness... I already contacted Bruce... He was stumped as well.. He suggested to become a member on binrev since it is home to the most intelligent beings on the planet and post my question there.
  16. Hmm... No luck. Still brute forcing with LC5. 1 day into it and 23 hours remaining. Isn't there any faster way to do this? SIGH.....
  17. Being a Mac user myself, I have to agree with systems_glitch about the final cost and how it quickly rise in order to get a "usable" system. My main gripe with Mac over the years, has always been the idea that you couldn't just buy OEM parts and build your own mac, like you could with a pc. I always loved being able to build my own pc and wished I could build a mac. I know people have done this in the past with a great deal of TME (time, money, effort) so it will be cool to hear first hand how the experiment goes, and if you can make affordable. Good luck though, let us know how it goes.
  18. Thanks everyone for the feedback; it has been most helpful. I am downloading LC5 right now to give it a shot. RETN, You obviously know more about this than I, so just for my own edification... By looking at my hash, what makes you know that only 7 characters are encrypted one-way?
  19. Since I'm still awaiting the download of the rainbow tables, can you provide more information about how you cracked it (if you did). Or, even just send me the results in a message. I've never used L0phtCrack, is there anything else I'd need along with it? What LM Hash did you use?
  20. As crazy as it may seem, I haven't even stumbled upon www.freerainbowtables.com until now. Thanks for the suggestion. The links are ACTUALLY working!!! -No, seriously, I have been trying to get legitimate rainbowtable downloads for about 6 days now and any torrent file seems to inactive. I am now downloading the lm-all tables at a whopping 83 KB/sec. -Hey it beats 0 KB/sec. Once downloaded I'll post my results here... If my connection holds at 80 KB/sec, I should have the 33.8GB compressed tables downloaded in about 5 days. Keeping my fingers crossed. -r
  21. Well I know that in the linux world there is salting. Not sure if newer windows uses that or not. I'm not really a windows guy (part of the problem I guess). I was looking for rainbow tables to download, but they are few and far in between. I will continue to try to locate some sharable tables for my particular character set while simultaneously trying brute force. I just figured brute force would take to long for a character set of alpha-numeric-symbol and at least 8 chars? Maybe I'm wrong. I'm using cain to do the brute force attack. Anyone have any pointers to anything better? -r
  22. Oh, come on... Surely adults aren't all that bad. Besides, if adulthood seems so crappy what's that saying about your future This is a very cool subject however. Like ozlo, I can also hear TV's from across rooms and I can also hear this tone. I'll be 29 next month. I wonder if people are born with 'healthier' hearing capabilities or if it is simply taking care of your ears? I'd be skeptical of the later of the two since I have been a drummer since the time I was 12. Anyone who has played drums knows how badly all the cymbals and guitar feedback noises can really make your head spin. But like I said, this is a very cool subject. I do wish however, that the sound wouldn't be so god awful annoying. It almost gives me a sense of unnerving vertigo or something like that.
  23. thx nixxt & M0ralGray... I wasn't very clear in my first post about my approach. What I did was use Knoppix to boot to, then extracted the SAM and SYSTEM file. Then I exported it as a pwdump file. Then I opened it using Opthcrack and tried to crack it. The tables I have installed are the free ones (XP free fast, XP free small, & Vista free). I could not crack it with those tables. I see there are other tables that can be downloaded for $100 a piece, but I'd really not shell out that kind of money if it is not a guaranteed thing. I also did try LMCrack without any success. As far as rainbow tables go... Well, I agree that is my best bet, and I have a utility that will generate rainbow tables. The problem is that while I don't know the password, I do know that it is at least 8 characters and is alpha-numeric-symbol type. So, in order to generate the rainbow tables for that type of password is literally going to take me over a month running full time. The rainbow table I need is about 64 GB I believe. I have tried to look to find places to share/download rainbow tables, but no luck. I have also been reading that newer windows security/passwords incorporate more difficult hashing algorithm that are rainbow table proof. I guess I'm just stuck. I can always overwrite the admin password, but I'd really rather not (unless its a last resort). Anyone have any ideas? I really appreciate any input? I have to admit that I a new to cracking with rainbow tables, so any pointers or links to tables would be extra helpful. Cheers -r