Penetration Testing mailing list archives

Re: Lotus Notes .id file pw recover (Was Cached NT/W2k passwords)


From: "Peter Parker" <peterparker () fastmail fm>
Date: Fri, 11 Jun 2004 06:55:04 -0700

Search for a tool called idr (id recovery)... a good dictionary and
brute-forcing tool... had worked for me earlier :)



On Thu, 10 Jun 2004 06:43:19 -0500, "Romes, Randall J."
<Rromes () larsonallen com> said:
Anyone familiar with a means of recovering/cracking the password for
Lotus Notes which resides in the .id file?

Anyone know how the password is encrypted/hashed?

Thanks
Randy

-----Original Message-----
From: Nicolas RUFF (lists) [mailto:ruff.lists () edelweb fr] 
Sent: Tuesday, May 25, 2004 10:17 AM
To: pen-test
Subject: Re: Cached NT/W2k passwords


Has anyone been able to decrypt the hash password from
the cached login on NT or W2K?
Where is it located? In the registry? If so, what's
the key....
I've been looking around; the only thing I can find is
how to disable this feature :(

Hi,

If you're talking about the CachedLogonsCount registry key, there was a
thread 2 weeks ago on FOCUS-MS:

http://www.securityfocus.com/archive/88/362946/2004-05-21/2004-05-27/0

Basically, storage is either in LSA Secrets or NL$ registry keys (depending
on Windows version), and there is no publicly available tool to decrypt the
hash. The stored value is a salted hash: NTLM(username + NTLM(password)).
This is hard to crack by brute force if password > 6 chars.

Regards,
- Nicolas RUFF
-----------------------------------
Security Consultant
EdelWeb (http://www.edelweb.fr/)
----------------------------------- 
-- 
  peter
  peterparker () fastmail fm

