Vulnerability Development mailing list archives

Re: Stealing NT passwords through WiFi?


From: Ugen <ugen () xonix com>
Date: Thu, 20 May 2004 11:31:38 -0400

3APA3A wrote:

> Wireless device has no copy of password hash in this scenario, what it
> has is 192 bit response, each 64 bits of response are independently
> calculated from challenge (challenge is calculated in different way for
> MS-CHAP and MS-CHAPv2 and this is only difference) and 56 bits of the
> user's password hash as a key. You can restore password by brute-forcing
> or restore password hash by breaking 56 bit DES encryption. In case of
> MS-CHAP, when LM hash is used, password can be brute-forced in relatively
> short time because of limited alphabet and possibility to crack first 7
> characters of the password independently. MS-CHAPv2 doesn't support LM
> hashes.
I am under the impression that as an authentication server the rogue system can require any version of MS-CHAP it chooses. If the original system is configured to support both (and the XP supplicant does; I'm not even sure there is an easy way to force v2 only) the reply will include the LM hash. Got to test that, of course.

> It doesn't matter if you recover cleartext password by brute-forcing
> password or you recover password hash by cracking DES, because with
> password hash you can connect to any resource without cleartext
> password.
I took a shortcut in the description here indeed :) This is the crucial point though - I haven't found ready-made tools to work this step, though there was mention somewhere that l0phtcrack is able to use MS-CHAP (no version specified) data as input. This is where I'd welcome good suggestions.

> U> Does it make sense to anyone else?

> Of course, MS-CHAP is less secure than Kerberos and even NTLMv2 (MS-CHAP
> is actually NTLM, but MS-CHAPv2 is not NTLMv2, it's MS-CHAP with
> modification to challenge calculation and with mutual authentication and
> same weak cryptography). I would not recommend using the user's logon
> account for wireless communications. Have different account for this
> case with limited rights.

I am not planning to use this method. I am trying hard to make sure others don't either. I am aware of some large entities that consider using existing NT logons for exactly this method (PEAP/MS-CHAP) of wireless user authentication. The default XP supplicant will only use the current system logon credentials (or a certificate, but that's another story) and that is something the method gets. In any case, credentials obtained this way would get an attacker access to the given wireless network later on.
--Gene
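The thread's argument rests on the structure of the MS-CHAP response: three independent DES operations keyed from slices of a 16-byte hash, a challenge that is derived differently in v1 and v2, and an LM input that is cut into two 7-byte halves. The following Python is an added illustration written for this archive page, not code from either poster; it follows the public descriptions in RFC 2433 (MS-CHAP) and RFC 2759 (MS-CHAPv2) for the challenge and key layout and leaves DES itself out (the standard library has none), because the point under discussion is how much of the 192-bit response is actually keyed by unknown bits. The two 16-byte challenges and the user name are the example inputs printed in RFC 2759; the NT hash value is constructed for the demonstration.

```python
"""What an MS-CHAP / MS-CHAPv2 response exposes: key structure, not DES.

Added illustration for this thread (not the posters' code). Follows RFC 2433
and RFC 2759 for the challenge derivation and for cutting the 16-byte NT hash
into three 7-byte DES keys; DES itself is intentionally omitted.
"""
import hashlib
import math


def mschap_v1_challenge(authenticator_challenge: bytes) -> bytes:
    """MS-CHAP (v1, RFC 2433): the 8-byte server challenge is used directly."""
    if len(authenticator_challenge) != 8:
        raise ValueError("MS-CHAP v1 challenge is 8 bytes")
    return authenticator_challenge


def mschap_v2_challenge(peer_challenge: bytes, authenticator_challenge: bytes,
                        username: bytes) -> bytes:
    """MS-CHAPv2 ChallengeHash (RFC 2759 section 8.2): SHA-1 over peer challenge,
    authenticator challenge and user name, truncated to 8 bytes. This derivation
    is the 'only difference' in the challenge step that 3APA3A mentions."""
    if len(peer_challenge) != 16 or len(authenticator_challenge) != 16:
        raise ValueError("MS-CHAPv2 challenges are 16 bytes each")
    return hashlib.sha1(peer_challenge + authenticator_challenge + username).digest()[:8]


def split_nt_hash_into_des_keys(nt_hash: bytes) -> list[bytes]:
    """RFC 2759 ChallengeResponse: the 16-byte hash is zero-padded to 21 bytes and
    cut into three 7-byte DES keys; each encrypts the same 8-byte challenge on its
    own, which is why the 24-byte (192-bit) response is really three 64-bit parts."""
    if len(nt_hash) != 16:
        raise ValueError("NT hash is 16 bytes")
    padded = nt_hash + b"\x00" * 5
    return [padded[0:7], padded[7:14], padded[14:21]]


def expand_des_key(key7: bytes) -> bytes:
    """Convert 7 bytes (56 bits) into the 8-byte DES key format: each 7-bit group
    is shifted left one position and the low bit set to give odd parity."""
    if len(key7) != 7:
        raise ValueError("DES key material is 7 bytes")
    bits = int.from_bytes(key7, "big")
    out = bytearray()
    for i in range(8):
        seven = (bits >> (49 - 7 * i)) & 0x7F
        byte = seven << 1
        if bin(seven).count("1") % 2 == 0:  # make the total number of set bits odd
            byte |= 1
        out.append(byte)
    return bytes(out)


def unknown_bits_per_key() -> list[int]:
    """Hash bits an attacker must actually guess for each of the three DES keys.
    Only bytes 0..15 come from the hash; bytes 16..20 are fixed zero padding, so
    the third key carries just 16 unknown bits."""
    return [8 * sum(1 for offset in range(i * 7, i * 7 + 7) if offset < 16)
            for i in range(3)]


def effective_work_log2() -> float:
    """log2 of DES trials to recover the whole hash by attacking the three keys
    independently: 2^56 + 2^56 + 2^16, about 2^57 rather than the 2^168 the
    response length suggests."""
    return math.log2(sum(2 ** b for b in unknown_bits_per_key()))


def lm_password_halves(password: str) -> tuple[bytes, bytes]:
    """LM hash input layout: password upper-cased (ASCII assumed here), null-padded
    to 14 bytes and split into two 7-byte halves that are hashed independently.
    A password of 7 or fewer characters leaves the second half all zeros; this is
    the 'first 7 characters independently' property from the thread."""
    raw = password.upper().encode("ascii")[:14].ljust(14, b"\x00")
    return raw[:7], raw[7:14]


if __name__ == "__main__":
    # Example inputs from RFC 2759; the NT hash below is a constructed value.
    auth_challenge = b"[]|}{?/><,`!2&&("
    peer_challenge = b"!@#$%^&*()_+:3|~"
    sample_nt_hash = bytes(range(16))  # constructed, not a real hash
    print("v1 challenge :", mschap_v1_challenge(auth_challenge[:8]).hex())
    print("v2 challenge :", mschap_v2_challenge(peer_challenge, auth_challenge, b"User").hex())
    for n, k in enumerate(split_nt_hash_into_des_keys(sample_nt_hash), 1):
        print(f"DES key {n}   : {k.hex()} -> {expand_des_key(k).hex()}")
    print("unknown bits :", unknown_bits_per_key(), "total ~2^%.1f" % effective_work_log2())
    print("LM halves    :", lm_password_halves("passw0rd123"))
```

The `unknown_bits_per_key` result is the whole argument in one line: the third DES key has only 16 secret bits, and the other two have 56 each, so the 192-bit response is protected by roughly 2^57 DES trials in total. That is the reason the posters treat "breaking 56 bit DES" as the realistic bound, and why offering a separate, low-privilege account for wireless authentication rather than the user's domain logon limits what a captured response is worth.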

