http://Evgenii.Rudnyi.Ru/

Evgenii B. Rudnyi, 2005
Use at your own risk.

user2sid and sid2user
====================

FILES:
sid.txt is my message to NTBugtraq;
user2sid.cpp and sid2user.cpp are the source code.

While writing a chapter for the book [1] in 1998, I had to fill in a table of well-known SIDs. First I took them from the MS documentation, but Vasilii Lustarev (it was he who suggested writing the book) told me that I had made a mistake. He simply checked the hex values in the SAM, and they were different from what I had found in the documentation. Note that getsid from the Resource Kit also displayed wrong SIDs in this case at that time. This pushed me to try the WIN32 functions directly and write two simple programs.

After that I asked myself who can execute these functions. This led me to the discovery (or re-discovery) of an exploit, described in my message to ntbugtraq.

Two small utilities for Windows NT that let you query the SAM and find the SID for a given account name, and vice versa.

user2sid is a command line interface to the WIN32 function LookupAccountName. Usage:

user2sid [\\computer_name] account_name

where computer_name is optional. By default, the search starts at the local Windows NT computer.

sid2user is a command line interface to the WIN32 function LookupAccountSid. Usage:

sid2user [\\computer_name] authority subauthority1 ...

where computer_name is optional, authority is the identifier authority and the subauthorities follow as decimal numbers. By default, the search starts at the local Windows NT computer. For example,

sid2user 5 32 544

looks up S-1-5-32-544, which is the built-in Administrators group.
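The following is an added example, not code from the original page or from the user2sid/sid2user sources. It shows what the "authority subauthority1 ..." numbers above turn into: the binary SID layout that Windows keeps in the SAM (the hex values mentioned in the story above) and that LookupAccountSid takes as a PSID. It converts the sid2user argument list and the textual S-1-... form to those bytes and back, and checks the length and range limits a real SID has. All names (Sid, encodeSid, decodeSid, fromArgs, fromString, hexDump) are mine, the SID revision is assumed to be 1, and no Win32 headers are needed, so it compiles anywhere:

```cpp
// Added example, not part of the original page or of the user2sid/sid2user sources.
// Reproduces the binary SID layout Windows stores in the SAM and that
// LookupAccountSid takes as a PSID, from the same "authority subauthority1 ..."
// numbers sid2user accepts, and converts the textual S-1-... form both ways.
// All names here are mine; no Win32 headers are needed.
#include <cstdint>
#include <cstdio>
#include <sstream>
#include <stdexcept>
#include <string>
#include <vector>

struct Sid {
    uint8_t revision = 1;              // every Windows SID so far has revision 1
    uint64_t authority = 0;            // 48-bit identifier authority, e.g. 5 = NT authority
    std::vector<uint32_t> subauthorities;
};

// Binary layout: Revision(1) SubAuthorityCount(1) IdentifierAuthority(6, big-endian)
// SubAuthority[count](4 bytes each, little-endian). At most 15 subauthorities.
std::vector<uint8_t> encodeSid(const Sid& s) {
    if (s.subauthorities.size() > 15) throw std::invalid_argument("too many subauthorities");
    if (s.authority >> 48) throw std::invalid_argument("authority does not fit in 48 bits");
    std::vector<uint8_t> out{s.revision, static_cast<uint8_t>(s.subauthorities.size())};
    for (int shift = 40; shift >= 0; shift -= 8)
        out.push_back(static_cast<uint8_t>(s.authority >> shift));
    for (uint32_t sub : s.subauthorities)
        for (int shift = 0; shift < 32; shift += 8)
            out.push_back(static_cast<uint8_t>(sub >> shift));
    return out;
}

// Inverse of encodeSid; rejects buffers whose length disagrees with SubAuthorityCount.
Sid decodeSid(const std::vector<uint8_t>& b) {
    if (b.size() < 8) throw std::invalid_argument("SID shorter than its fixed header");
    size_t count = b[1];
    if (count > 15 || b.size() != 8 + 4 * count) throw std::invalid_argument("SID length mismatch");
    Sid s;
    s.revision = b[0];
    for (size_t i = 2; i < 8; ++i) s.authority = (s.authority << 8) | b[i];
    for (size_t i = 0; i < count; ++i) {
        size_t o = 8 + 4 * i;
        s.subauthorities.push_back(uint32_t(b[o]) | (uint32_t(b[o + 1]) << 8) |
                                   (uint32_t(b[o + 2]) << 16) | (uint32_t(b[o + 3]) << 24));
    }
    return s;
}

std::string toString(const Sid& s) {
    std::string r = "S-" + std::to_string(s.revision) + "-" + std::to_string(s.authority);
    for (uint32_t sub : s.subauthorities) r += "-" + std::to_string(sub);
    return r;
}

// Builds a Sid from the numeric list sid2user takes on its command line: "5 32 544".
Sid fromArgs(const std::vector<std::string>& args) {
    if (args.empty()) throw std::invalid_argument("need at least an authority");
    Sid s;
    for (size_t i = 0; i < args.size(); ++i) {
        if (args[i].empty() || args[i].find_first_not_of("0123456789") != std::string::npos)
            throw std::invalid_argument("not a decimal number: " + args[i]);
        uint64_t v = std::stoull(args[i]);
        if (i == 0) s.authority = v;
        else if (v > 0xFFFFFFFFull) throw std::invalid_argument("subauthority exceeds 32 bits");
        else s.subauthorities.push_back(static_cast<uint32_t>(v));
    }
    return s;
}

// Parses the textual form "S-1-5-32-544"; only revision 1 is accepted.
Sid fromString(const std::string& text) {
    if (text.size() < 4 || (text[0] != 'S' && text[0] != 's') || text[1] != '-')
        throw std::invalid_argument("not a SID string: " + text);
    std::vector<std::string> parts;
    std::stringstream ss(text.substr(2));
    for (std::string tok; std::getline(ss, tok, '-');) parts.push_back(tok);
    if (parts.size() < 2 || parts[0] != "1") throw std::invalid_argument("unsupported revision");
    return fromArgs(std::vector<std::string>(parts.begin() + 1, parts.end()));
}

// Hex in memory order, which is how the bytes show up when you look at the SAM.
std::string hexDump(const std::vector<uint8_t>& b) {
    std::string r;
    char buf[4];
    for (size_t i = 0; i < b.size(); ++i) {
        std::snprintf(buf, sizeof buf, "%02x", b[i]);
        r += (i ? " " : "") + std::string(buf);
    }
    return r;
}

int main(int argc, char** argv) {
    // Usage mirrors sid2user:  sidbytes 5 32 544   or  sidbytes S-1-5-32-544
    std::vector<std::string> args(argv + 1, argv + argc);
    if (args.empty()) args = {"5", "32", "544"};   // BUILTIN\Administrators by default
    bool textual = args.size() == 1 && (args[0][0] == 'S' || args[0][0] == 's');
    Sid s = textual ? fromString(args[0]) : fromArgs(args);
    std::vector<uint8_t> bytes = encodeSid(s);
    std::printf("%s\n%s\n", toString(s).c_str(), hexDump(bytes).c_str());
    return toString(decodeSid(bytes)) == toString(s) ? 0 : 1;   // round-trip self-check
}
```

Run without arguments it prints S-1-5-32-544 and its 16 bytes, 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00: revision 1, two subauthorities, authority 5 in the six big-endian bytes, then 32 and 544 as little-endian DWORDs. On Windows that byte vector is exactly what you would pass as the PSID argument to LookupAccountSid (or to IsValidSid to check it first); the point of the decoder's length check is that a SID read out of a registry hive or a network packet must be validated against SubAuthorityCount before anything trusts it.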

[1] V. S. Lyutsarev, K. V. Ermakov, E. B. Rudnyi, I. V. Ermakov. Security of Windows NT Networks. Book in Russian, Russkaya Redaktsiya, 280 p, 1998.

