Penetration Testing mailing list archives
Re: Passwords with Lan Manager (LM) under Windows
From: "Thor (Hammer of God)" <thor () hammerofgod com>
Date: Wed, 21 Sep 2005 22:45:51 -0700
Well, that's an issue with the client, not NTLMv2. NTLMv2 is tight. LM sucks- that's obvious (and it was IBM, not MS that gave us that one.) And yes, you can use precomputed tables against NTLM hashes, but not against NTLMv2... The NTLM hash is keyed off of the password, but NTLMv2 hashes up the password with the user's domain/user data when generating the key... You can't precompile that data into a rainbow, you know?
Regarding the "IPsec based auth" reference (here I go again), I'd have to say that there is no such thing... IPSec negotiation in Windows can be based on one of three mechanisms: A pre-shared key, Kerberos, or a cert-- it is not an authentication protocol in itself... (the cert being the strongest IMO).
t----- Original Message ----- From: "Craig Wright" <cwright () bdosyd com au> To: "Thor (Hammer of God)" <thor () hammerofgod com>; <pand0ra.usa () gmail com>; <pen-test () securityfocus com>
Sent: Wednesday, September 21, 2005 10:05 PM Subject: RE: Passwords with Lan Manager (LM) under Windows Further to the last post There are a number of issues with NTLMv2 and legacy applications such as Windows RAS that cause lower levels of authentication I still say that Kerberos or IPsec based auth is the best policy in windows. LanMan, NTLMv1 or V2 are vulnerable. Precomputed tables may have been uncommon 12 months ago - but that was then and this is now. Cain & Abel will use sorted Rainbow Tables for Cryptanalysis attacks Craig -----Original Message----- From: Thor (Hammer of God) [mailto:thor () hammerofgod com] Sent: 22 September 2005 12:00 To: Craig Wright; pand0ra.usa () gmail com; pen-test () securityfocus com Subject: Re: Passwords with Lan Manager (LM) under Windows ----- Original Message ----- From: "Craig Wright" <cwright () bdosyd com au> To: <pand0ra.usa () gmail com>; <pen-test () securityfocus com> Sent: Wednesday, September 21, 2005 12:32 PM Subject: RE: Passwords with Lan Manager (LM) under Windows
Even NTLMv2 will break the hashing into chunks which are able to be individually broken down.
I'm not sure what you mean... NTLMv2 uses a single 128bit key for the hash, challenge and response... Or are you referring to the NTLM2 session response key (56+56+16)? If so, that is not the same thing as NTLMv2... Can you elaborate please ? t ------------------------------------------------------------------------------Audit your website security with Acunetix Web Vulnerability Scanner: Hackers are concentrating their efforts on attacking applications on your website. Up to 75% of cyber attacks are launched on shopping carts, forms, login pages, dynamic content etc. Firewalls, SSL and locked-down servers are futile against web application hacking. Check your website for vulnerabilities to SQL injection, Cross site scripting and other web attacks before hackers do! Download Trial at:
http://www.securityfocus.com/sponsor/pen-test_050831 -------------------------------------------------------------------------------
Current thread:
- Passwords with Lan Manager (LM) under Windows Cedric.Baechler (Sep 20)
- Re: Passwords with Lan Manager (LM) under Windows Tim (Sep 21)
- <Possible follow-ups>
- RE: Passwords with Lan Manager (LM) under Windows Craig Wright (Sep 21)
- Re: Passwords with Lan Manager (LM) under Windows Thor (Hammer of God) (Sep 22)
- RE: Passwords with Lan Manager (LM) under Windows Craig Wright (Sep 22)
- Re: Passwords with Lan Manager (LM) under Windows Thor (Hammer of God) (Sep 22)
- RE: Passwords with Lan Manager (LM) under Windows Craig Wright (Sep 22)
- Re: Passwords with Lan Manager (LM) under Windows Thor (Hammer of God) (Sep 22)
- RE: Passwords with Lan Manager (LM) under Windows Craig Wright (Sep 22)
- RE: Passwords with Lan Manager (LM) under Windows Craig Wright (Sep 22)
- RE: Passwords with Lan Manager (LM) under Windows Craig Wright (Sep 22)
- Re: Passwords with Lan Manager (LM) under Windows Thor (Hammer of God) (Sep 22)
- RE: Passwords with Lan Manager (LM) under Windows Craig Wright (Sep 22)
- Re: Passwords with Lan Manager (LM) under Windows Thor (Hammer of God) (Sep 22)
- RE: Passwords with Lan Manager (LM) under Windows Craig Wright (Sep 22)
- Re: Passwords with Lan Manager (LM) under Windows philippe . nospam . oechslin (Sep 23)
(Thread continues...)