Re: Defeating password cracking

[neopara <neopara () shaw ca>]

Nice suggestion, but it doesn't stop the "linux password changers" boot
disks because most let you choose the user by the RID (hex value) and
not just the name.  Still a good idea to use though, another extra layer
of security but not the complete solution.

Paul Sliwowski


On Tue, 2003-02-18 at 13:37, dave wrote:
> Simple ways to defeating password recovery boot-disk and password crackers,
> on NT/2000 machines.
>
> I was bored and trying different characters that L0phtCrack and other
> cracking programs could not detect.  While doing so I discovered that by
> using these same characters in user names you could prevent the Boot-disk
> password changers from being able to change the Admin and other passwords.
>
> Possibly this is old news but I found it quite interesting.  I am posting it
> to see if anyone else has found similar results, and maybe even ways to
> defeat this.
>
> 1.  The character list:  These are all ALT characters that L0phtCrack and
> Advanced NT Security Explorer could not detect.  I made the password 5
> characters long and added them to the custom character sets.  For my test,
> after testing all of them, I decided to use Alt-251 (v) it is the square
> root symbol but shows as a small v in the cracking programs, or not at all
> in the password recovery boot disks.
> 1-32
> 127-130
> 132
> 134
> 135
> 142-146
> 148
> 153-159
> 164-255
> 0127
> 0131
> 0135
> 0149
> 0160-0167
> 0170-0172
> 0176-0178
> 0181-0183
> 0186-0189
> 0191
> 0196-0199
> 0201
> 0209
> 0214
> 0220
> 0223
> 0228-0231
> 0233
> 0241
> 0246
> 0247
>
> 2.  Defeating password crackers:  Ok so now we make a user name "joev"
> (without the quotes) and we make the password "1234v".  Well I spent 3 days
> and could not get the password cracked even after I added it to the custom
> character sets; maybe I am just an amateur.  So please let me know if I am
> doing something wrong.  Notice the username displays as joev in L0phtCrack
> and the others.  Also try using sid2user and other user information
> utilities on it.  Most will tell you the user does not exist, whether you
> add the special character or put it as a small v. Even the W2000 Resource
> Kit "showmbrs.exe" does not display the special character.
>
> 3. Ok so know we have to prevent the Password recovery boot disks from being
> able to change the passwords.  I had the "Linux password changer" and the
> one from Win/sysinternals.  
>
> 4.  First, no matter what you change the name of the built-in administrator
> account to you can always change the password with these tools, I am
> assuming it is because the SID is always the same. You cannot disable it so
> had to come up with a way to get around that.  So I simply created a group
> called "no access" added the built in administrator account to it.  I added
> deny logon locally and deny access this computer from the network
> privileges, and took away all access to the drives, essentially disabling
> it.
>
> 5.  Ok now we made joev a member of the admin group.  We boot to the
> Password recovery disk.  The users except for joev show normal he shows as
> joe.  Since we know his real username we try entering it that way, and the
> way it displays, either way we get cannot find user.  I could change any
> password except for the joev.  If we change the built in admin accounts
> password all is great, of course we cannot log in as him. If we use one of
> these Alt characters in all the usernames we essentially can prevent any of
> the passwords (except the built in admin account) from being changed.
>
> 6.  Well now I know there are other ways of editing the registry, installing
> a separate installation of the OS etc. etc.. But I believe this is a pretty
> cool way of thwarting the basic "hacker" that thinks he is going to walk up
> to your system and boot to this disk and change the password and get in.
> Further it is nice to know that there are passwords you can make that even
> the common crackers cannot crack.
>
> Well this is my little discovery your thoughts and counter-thoughts are
> greatly appreciated.  I do not mean this to be an end-all way of defeating
> these programs, but every little bit helps.
>
>
>
>  
> ______________________
> Dave Kleiman
> dave () netmedic net
> www.netmedic.net
-- 
Nothing More, For Me to Say,
About my life, A Life of Dreams....