Bugtraq mailing list archives
Re: CIFS Changes
From: pokee () MAXWELL EE WASHINGTON EDU (Aaron Spangler)
Date: Fri, 16 May 1997 14:57:35 PDT
A lot of people have been asking me about whether the new CIFS implementation in SP3 is vulnerable. Number one, it is not enabled by default, but even if it was, I suspect it is just as vulnerable EVEN IF THERE IS MESSAGE SIGNING! I have not yet had time to test it, but here are the MS whitepapers on the new protocol. It does not make a difference whether signing is enabled or disabled. Signing does not come into play until AFTER the password has been exchanged. So the user's password can still be grabbed using a Web site.
Excerpts taken from "CIFS-Auth" dated Mar 28, Draft 4, section 1.4, from Microsoft's FTP site.

1.4 Session authentication protocol

1. The client computes the session keys from the user's password, initializes its sequence number, and sends a session negotiation request to the server.

   C: Ks = MD4(P(U))
      Ka = [Ks]<7>
      Kb = [Ks]<7:7>
      Kc = [Ks]<2:14>, Z(5)
The above just means the client has a hashed NT password, usually stored in the SAM database in the registry.
   C->S: Mneg

2. The server responds with the features negotiated, and a challenge:
The server sets CS=Z(8) (the challenge is fixed to 8 bytes of zeros). The server could even select the most secure protocols:

   NEGOTIATE_SECURITY_USER_LEVEL ||          (not share level)
   NEGOTIATE_SECURITY_CHALLENGE_RESPONSE ||  (no plaintext passwords)
   NEGOTIATE_SECURITY_SIGNATURES_ENABLED ||  (will do the MAC thing)
   NEGOTIATE_SECURITY_SIGNATURES_REQUIRED    (insist on MAC thing)

and send it off as options to Mnegr to the client.
   S->C: Mnegr, CS

3. The client computes a response to the challenge. It computes the MAC key, and the MAC of the message, and sends the user name, challenge response, and session request parameters to the server. Its message uses a sequence number of 0, and it expects a sequence number of 1 to be used in the response.

   C: R = {CS}Ka, {CS}Kb, {CS}Kc
      Km = Ks, R
      SN = 0
      MC = [MD5(Km, SN, Msess, U, R)]<8>
      SN = 1
   C->S: Msess, U, R, MC
Notice that the client gives R to the server; R is the same thing I have been collecting on my web page. Easy enough to crack.

--
Aaron Spangler                          EE Unix System Administrator
Electrical Engineering FT-10            pokee () ee washington edu
University of Washington                Phone (206) 543-8984
Box 352500                                 or (206) 543-2523
Seattle, WA 98195-2500                  Fax   (206) 543-3842