Security Basics mailing list archives

RE: LM and NTLM Hashes


From: "Roger A. Grimes" <roger () banneretcs com>
Date: Thu, 8 Sep 2005 16:19:08 -0400

 
Windows stored hashes (LM or NTLM) are never sent across the network.
Windows uses Challenge/Response handshaking protocols. The hashes are
involved, but are not sent at any time between the client and the server.
The process is more complicated than you are thinking it is.

You can try Chapters 2 and 3 here for a start.
http://www.windowsitlibrary.com/Ebooks/SecurityPermissions/

But I've recently written an article for them to appear in Windows
Security Administrator magazine that is even better and more
concise...but I don't know if it is published yet. Check
www.windowsitpro.com for more info.

Roger

************************************************************************
*Roger A. Grimes, Banneret Computer Security, Consultant
*CPA, CISSP, MCSE: Security (2000/2003/MVP), CEH, CHFI, TICSA
*email: roger () banneretcs com
*cell: 757-615-3355
*Author of Honeypots for Windows (Apress)
*http://www.apress.com/book/bookDisplay.html?bID=281
************************************************************************

 

-----Original Message-----
From: Flavio Braga [mailto:flaviobs () uol com br]
Sent: Tuesday, September 06, 2005 12:56 PM
To: security-basics () securityfocus com
Subject: LM and NTLM Hashes

Hi all!

I have a question about LM and NTLM hashes. Hope someone will have
something to say.

Sorry about my ignorance. I was testing Cain & Abel in my network. I
ran the sniffer for some time, and then I sent the captured packets to the
cracker. Some documentation says that LM and NTLM hashes have 16 bytes.
But only a few packets have identified 16-byte-long hashes. The program
lists all the other packets with 24-byte-long hashes in the same
columns as LM & NTLM.

My question is: what kind of hashes are they? And another one. Does it
mean that LM & NTLM are not the only way to authenticate users? We don't
have Kerberos in the network. I saw that POP3 clients send passwords in
text mode. Is there any way to protect passwords from email clients? Or
do the users have to access email via webmail?

Thank you for any help.

Flavio
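
Added example, not part of either message above: a sketch of the challenge/response idea described in the reply, using the LMv2 response construction from NTLMv2, in which the 16-byte stored hash only keys an HMAC and the value on the wire is 24 bytes. The user name, domain and hash are constructed values, and the NT hash is taken as given rather than derived from a password.

```python
import hashlib
import hmac
import os

# Constructed 16-byte stand-in for a stored NT hash (not a real credential).
STORED_HASH = bytes.fromhex("00112233445566778899aabbccddeeff")


def ntowf_v2(nt_hash: bytes, user: str, domain: str) -> bytes:
    """NTLMv2 key: HMAC-MD5 over UPPER(user)+domain, keyed with the NT hash."""
    identity = (user.upper() + domain).encode("utf-16-le")
    return hmac.new(nt_hash, identity, hashlib.md5).digest()


def lmv2_response(nt_hash, user, domain, server_challenge, client_challenge):
    """Client side: 16-byte HMAC proof followed by the 8-byte client challenge."""
    key = ntowf_v2(nt_hash, user, domain)
    proof = hmac.new(key, server_challenge + client_challenge,
                     hashlib.md5).digest()
    return proof + client_challenge  # 16 + 8 = 24 bytes sent to the server


def server_verify(stored_hash, user, domain, server_challenge, response):
    """Server side: recompute the response from its own copy of the hash."""
    if len(response) != 24:
        return False
    client_challenge = response[16:]
    expected = lmv2_response(stored_hash, user, domain,
                             server_challenge, client_challenge)
    return hmac.compare_digest(expected, response)


def run_exchange(client_hash, server_hash, user="alice", domain="EXAMPLE"):
    """One handshake; returns (response, accepted, all bytes seen on the wire)."""
    server_challenge = os.urandom(8)   # server -> client
    client_challenge = os.urandom(8)   # chosen by the client
    response = lmv2_response(client_hash, user, domain,
                             server_challenge, client_challenge)  # client -> server
    accepted = server_verify(server_hash, user, domain,
                             server_challenge, response)
    return response, accepted, server_challenge + response


if __name__ == "__main__":
    resp, ok, wire = run_exchange(STORED_HASH, STORED_HASH)
    print(len(resp), ok, STORED_HASH in wire)
```

A sniffer sees only the challenge and the response, so the captured value is an input to offline guessing rather than the stored hash itself.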

