Closed. This has nothing to do with Backtrack Linux.
- Juicy Secrets in a database (SQL2000)
- patches are up to date
- password is long (32 characters)
- ssl is enforced on the connection (v3) via root CA on domain controller.
Can't haschcat (password too long)
Can't sniff the user/pass off the wire (encrypted) and ettercap doesn't support v3
I could rdesktop in to the Machine and look at the certificate installed via the certificate snapin. Would this information be enough to generate a cert for ssldump to decode the stream?
However I can get to the CA root (Win 2k3 C:\Windows\system32\certlog)
Does backtrack have a tool to pull the certs directly from the edb file? (using esentutl.exe isn't helpful)
Or am I going about this in the wrong way and there is a more elegant approach?