Security Basics mailing list archives
Re: Defeating password cracking
From: neopara <neopara () shaw ca>
Date: Wed, 19 Feb 2003 23:09:28 -0600
Nice suggestion, but it doesn't stop the "linux password changers" boot disks because most let you choose the user by the RID (hex value) and not just the name. Still a good idea to use though, another extra layer of security but not the complete solution.

Paul Sliwowski

On Tue, 2003-02-18 at 13:37, dave wrote:
Simple ways of defeating password recovery boot disks and password crackers on NT/2000 machines.

I was bored and trying different characters that L0phtCrack and other cracking programs could not detect. While doing so I discovered that by using these same characters in user names you could prevent the boot-disk password changers from being able to change the Admin and other passwords. Possibly this is old news, but I found it quite interesting. I am posting it to see if anyone else has found similar results, and maybe even ways to defeat this.

1. The character list: These are all ALT characters that L0phtCrack and Advanced NT Security Explorer could not detect. I made the password 5 characters long and added them to the custom character sets. For my test, after testing all of them, I decided to use Alt-251 (v); it is the square root symbol but shows as a small v in the cracking programs, or not at all in the password recovery boot disks.

1-32 127-130 132 134 135 142-146 148 153-159 164-255
0127 0131 0135 0149 0160-0167 0170-0172 0176-0178 0181-0183 0186-0189 0191 0196-0199 0201 0209 0214 0220 0223 0228-0231 0233 0241 0246 0247

2. Defeating password crackers: OK, so now we make a user name "joev" (without the quotes) and we make the password "1234v". Well, I spent 3 days and could not get the password cracked even after I added it to the custom character sets; maybe I am just an amateur. So please let me know if I am doing something wrong. Notice the username displays as joev in L0phtCrack and the others. Also try using sid2user and other user information utilities on it. Most will tell you the user does not exist, whether you add the special character or put it as a small v. Even the W2000 Resource Kit "showmbrs.exe" does not display the special character.

3. OK, so now we have to prevent the password recovery boot disks from being able to change the passwords. I had the "Linux password changer" and the one from Win/sysinternals.

4. First, no matter what you change the name of the built-in administrator account to, you can always change the password with these tools; I am assuming it is because the SID is always the same. You cannot disable it, so I had to come up with a way to get around that. So I simply created a group called "no access" and added the built-in administrator account to it. I added the "deny logon locally" and "deny access to this computer from the network" privileges, and took away all access to the drives, essentially disabling it.

5. OK, now we made joev a member of the admin group. We boot to the password recovery disk. The users, except for joev, show normally; he shows as joe. Since we know his real username we try entering it that way, and the way it displays; either way we get "cannot find user". I could change any password except for joev's. If we change the built-in admin account's password all is great; of course we cannot log in as him. If we use one of these Alt characters in all the usernames we essentially can prevent any of the passwords (except the built-in admin account's) from being changed.

6. Well, now I know there are other ways of editing the registry, installing a separate installation of the OS, etc. But I believe this is a pretty cool way of thwarting the basic "hacker" that thinks he is going to walk up to your system and boot to this disk and change the password and get in. Further, it is nice to know that there are passwords you can make that even the common crackers cannot crack.

Well, this is my little discovery; your thoughts and counter-thoughts are greatly appreciated. I do not mean this to be an end-all way of defeating these programs, but every little bit helps.

______________________
Dave Kleiman
dave () netmedic net
www.netmedic.net
-- Nothing More, For Me to Say, About my life, A Life of Dreams....
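An added example, not part of either post: a small account-name audit that reflects both points in the thread. It flags names containing characters outside printable ASCII (such as the Alt-251 square root) and names that become identical once a tool drops those characters, and it keys every finding by RID because the RID stays fixed however the account is named. The account list, the RIDs other than 500, and all function names are constructed for illustration.

```python
import unicodedata

# Constructed sample: (RID, account name) pairs as an account export might list them.
# RID 500 is the built-in Administrator; the other RIDs are made up.
ACCOUNTS = [
    (500, "Administrator"),
    (1001, "joe"),
    (1002, "joe\u221a"),  # "joe" + Alt-251 (code page 437 byte 0xFB, square root)
    (1003, "backup"),
]

def is_plain(ch):
    """True for printable ASCII, the range most tools render reliably."""
    return 0x20 <= ord(ch) <= 0x7E

def odd_chars(name):
    """Return (index, code point, Unicode name) for each char outside printable ASCII."""
    return [(i, f"U+{ord(c):04X}", unicodedata.name(c, "UNNAMED"))
            for i, c in enumerate(name) if not is_plain(c)]

def lossy_display(name):
    """Assumption: model a tool that silently drops characters it cannot render."""
    return "".join(c for c in name if is_plain(c))

def audit(accounts):
    """Return (flagged, collisions).

    flagged:    {rid: odd_chars(name)} for names with unusual characters.
    collisions: {display name: [rids]} where different accounts render the same.
    """
    flagged = {rid: odd_chars(name) for rid, name in accounts if odd_chars(name)}
    by_display = {}
    for rid, name in accounts:
        by_display.setdefault(lossy_display(name).lower(), []).append(rid)
    collisions = {d: rids for d, rids in by_display.items() if len(rids) > 1}
    return flagged, collisions

if __name__ == "__main__":
    flagged, collisions = audit(ACCOUNTS)
    for rid, chars in flagged.items():
        print(f"RID {rid} (0x{rid:x}) has unusual characters: {chars}")
    for display, rids in collisions.items():
        print(f"display name {display!r} is shared by RIDs {rids}")
```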