I'm fairly certain this can be done through good ol' file-and-print-sharing.
From memory, If you have a Windows machine handy, you can just connect to any unprotected shares using the 'net' command.
Even if it only allows to have read access of their C: drive, that means that you can grab a copy of their Windows password file ( c:\windows\*.pwl ) for processing by either 'l0pht crack' or 'Cracker Jack'. After that, your in with read/write permission.
This is one of the reasons why people scream about sharing under Windows - it opens too many possibilities for external intrusion.
Unfortunatly, once people start using it, they find it hard to stop and it's very common on Windows LAN's. Because of that, if one machine is compromised many of the rest in the network quickly follow.
You might be strangling my chicken, but you don't want to know what I'm doing to your hampster.
[ Parent ]