Saturday, October 22, 2011

SAPD and service account password

As usually when it comes to the security subjects I'm under impression Paula Januszkiewicz's knowledge. And from time to time I try to check her methods to improve mine :)
Sometime in your system there are some services which are running on for example other user's account. When you go to the services console you can find some examples of it. In my example LC Remote Agent is working on Gerwazy account.

Gerwazy is the name of your friend's account and you (for some purposes) want to get password to it. What can you do? You can use the SAPD.exe which does it for you. So download it and try to run passing as the program's argument the service name.



Hmmm.... there is no secrets inside of the registry?? I know that they are, so why the application didn't display them? Maybe it should be run from the administrator account? Let's try.


Once again - no secrets. So maybe system account will be better (I'm sure it was written in the manual to the tool but I don't like reading the documents). How to be able to use this account? The simplest way - use psexec.


Voilà :) We've got the password :)

No comments:

Search This Blog