Full Disclosure mailing list archives
Re: NEW windows password encryption flaw..
From: Darren Bennett <DARREN.L.BENNETT () saic com>
Date: 23 Jul 2003 14:53:29 -0700
Here is a yahoo story on the same problem... Others seem to think that it is indeed a problem (and one that ONLY affects Windows). http://story.news.yahoo.com/news?tmpl=story&cid=620&ncid=620&e=1&u=/nf/20030723/bs_nf/21952On -Darren Wed, 2003-07-23 at 13:24, 3APA3A wrote:
Dear Darren Bennett, Windows uses password hash in a same way as Unix uses cleartext password. Having password hash you can connect to Windows network without knowledge of cleartext password (I spent 2 minutes to modify smbclient to use hash instead of password and 5 minutes to test, you can try to do it as a challenge... Hint: all you need is to skip MD4 encoding if password is already looks like MD4 hash). So, cracking of Windows hashes gives you nothing in fact. --Wednesday, July 23, 2003, 9:48:51 PM, you wrote to full-disclosure () lists netsys com: DB> Is this new? I read about it on slashdot... DB> http://lasecpc13.epfl.ch/ntcrack/ DB> Basically, it seems that Microsoft has (yet again) screwed up the DB> implementation of their encryption scheme. This makes cracking any hash DB> a matter of seconds. Oops...
-- ----------------------------------------------- Darren Bennett CISSP, Certified Unix Admin., MCSE, MCSA, MCP +I Sr. Systems Administrator/Manager Science Applications International Corporation Advanced Systems Development and Integration ----------------------------------------------- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- NEW windows password encryption flaw.. Darren Bennett (Jul 23)
- Re: NEW windows password encryption flaw.. Chris Paget (Jul 23)
- Re: NEW windows password encryption flaw.. Corey Hart (Jul 23)
- Re: NEW windows password encryption flaw.. Jeremy Gaddis (Jul 23)
- Re: NEW windows password encryption flaw.. 3APA3A (Jul 23)
- Re: NEW windows password encryption flaw.. Darren Bennett (Jul 23)
- Off-Topic: Defcon Meeting? Daniel Berg (Jul 23)
- Re: Off-Topic: Defcon Meeting? Steve Bremer (Jul 24)
- Re: Off-Topic: Defcon Meeting? Thor Larholm (Jul 24)
- Re: Off-Topic: Defcon Meeting? 404 (Jul 24)
- RE: Off-Topic: Defcon Meeting? Robert Davies (Jul 24)
- Re: Off-Topic: Defcon Meeting? misiu_ (Jul 28)
- Off-Topic: Defcon Meeting! Daniel Berg (Jul 24)
- Re: Off-Topic: Defcon Meeting! Gwendolynn ferch Elydyr (Jul 28)
- Re: NEW windows password encryption flaw.. Darren Bennett (Jul 23)
- Re: Off-Topic: Defcon Meeting? Person (Jul 24)