Originally Posted by ipndrmath
From when you type in your user name and password and click "ok" to when you are presented with your active desktop, what happens? How are the passwords transferred... I know that local passwords are stored in the SAM in the registry, but where are the remote passwords stored? What encryption methods are possible? How might these passwords be extracted? Could I view the shares on these domain computers?
Please be technical...
If you have a website you know of, inform me.
P.S. : I'm talking about a local LAN.
The passwords are stored on the domain controller's remote SAM. If you have a good reason to figure this stuff out I'll help you over MSN or AIM.
Password extraction would involve connecting to the remote admin$ or c$ share and stealing the passwords; however, only an admin (or power user too, I believe) account can do this.
No encryption, LANMAN2 and Kerberos are possible encryption methods.
Viewing shares is easy on domain computers; I use a program like Cain & Abel to detect every single remote share on a computer, as well as usernames and groups usually.