DumpSec, presently available as freeware from SomarSoft and downloadable at http://www.systemtools.com/somarsoft/, is a security auditing program for Windows systems. It dumps the permissions (DACLs) and audit settings (SACLs) for the file system, registry, printers and shares in a concise, readable listbox (text) format, so that holes in system security are readily apparent. DumpSec also dumps user, group and replication information.
DumpSec takes advantage of the NetBIOS API and works by establishing a NULL session to the target box as the null user via the [net use \\server "" /user:""] command. It then makes NET* enumeration application program interface (API) calls such as NetServerGetInfo (supported by the Netapi32 library).
It allows users to connect remotely to any computer and dump permissions, audit settings, and ownership for the Windows NT/2000 file system into a format that is easily converted to Microsoft Excel for editing. Hackers can choose to dump either NTFS or share permissions. It can also dump permissions for printers and the registry.
The highlight is DumpSec's ability to dump the users and groups in a Windows NT or Active Directory domain. There are several reporting options, and the hacker can choose to dump the direct and nested group memberships for every user, as well as the logon scripts, account status such as disabled or locked out, and the 'true' last logon time across all domain controllers. The user can also get password information such as 'Password Last Set Time' and 'Password Expires Time'. To summarize, DumpSec can pull a list of users, groups, and the NT system's policies and user rights.
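From the defender's side, the null-session pattern described above leaves a recognisable trail in the Windows Security log: an anonymous network logon followed by anonymous IPC$ access to the named pipes that serve the NET* enumeration calls. The sketch below is an added example, not part of the original post or of DumpSec; the event records are constructed, and it assumes logon auditing (event 4624) and detailed file share auditing (event 5145) are enabled and already exported into dictionaries with these field names, with a 60-second correlation window chosen for illustration.

```python
from datetime import datetime, timedelta

# Named pipes behind the NET* enumeration calls (SAM, LSA, server service).
ENUM_PIPES = {"samr", "lsarpc", "srvsvc"}
WINDOW = timedelta(seconds=60)  # assumed correlation window

# Constructed sample events, shaped like fields exported from the Security log.
EVENTS = [
    {"EventID": 4624, "Time": "2024-01-10T09:00:01", "TargetUserName": "ANONYMOUS LOGON",
     "LogonType": 3, "IpAddress": "10.0.0.50"},
    {"EventID": 5145, "Time": "2024-01-10T09:00:02", "SubjectUserName": "ANONYMOUS LOGON",
     "IpAddress": "10.0.0.50", "ShareName": r"\\*\IPC$", "RelativeTargetName": "samr"},
    {"EventID": 5145, "Time": "2024-01-10T09:00:03", "SubjectUserName": "ANONYMOUS LOGON",
     "IpAddress": "10.0.0.50", "ShareName": r"\\*\IPC$", "RelativeTargetName": "srvsvc"},
    # Anonymous logon with no pipe access: common background noise, not flagged.
    {"EventID": 4624, "Time": "2024-01-10T09:05:00", "TargetUserName": "ANONYMOUS LOGON",
     "LogonType": 3, "IpAddress": "10.0.0.77"},
    # Authenticated user touching samr: not a null session.
    {"EventID": 5145, "Time": "2024-01-10T09:06:00", "SubjectUserName": "alice",
     "IpAddress": "10.0.0.12", "ShareName": r"\\*\IPC$", "RelativeTargetName": "samr"},
]

def find_null_session_enumeration(events, window=WINDOW):
    """Return {source_ip: sorted pipe names} for anonymous logons followed by
    anonymous IPC$ access to an enumeration pipe within `window`."""
    logons = {}    # ip -> time of most recent anonymous network logon
    findings = {}
    for ev in sorted(events, key=lambda e: e["Time"]):
        when = datetime.fromisoformat(ev["Time"])
        ip = ev.get("IpAddress")
        if (ev["EventID"] == 4624 and ev.get("LogonType") == 3
                and ev.get("TargetUserName") == "ANONYMOUS LOGON"):
            logons[ip] = when
        elif (ev["EventID"] == 5145
                and ev.get("SubjectUserName") == "ANONYMOUS LOGON"
                and ev.get("ShareName", "").upper().endswith("IPC$")
                and ev.get("RelativeTargetName", "").lower() in ENUM_PIPES
                and ip in logons and when - logons[ip] <= window):
            findings.setdefault(ip, set()).add(ev["RelativeTargetName"].lower())
    return {ip: sorted(pipes) for ip, pipes in findings.items()}

if __name__ == "__main__":
    for ip, pipes in find_null_session_enumeration(EVENTS).items():
        print(f"{ip}: anonymous IPC$ access to {', '.join(pipes)}")
```

Anonymous logons on their own are frequent and benign, which is why the check keys on the follow-up pipe access from the same source address rather than on event 4624 alone.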
 
 
 
 