Security Basics mailing list archives

Re: HASHES being sent through my network


From: "Saqib Ali" <docbook.xml () gmail com>
Date: Sat, 25 Nov 2006 10:28:18 -0500

My first question to you is: Is this a Kerberized Active Directory
environment where all the machines are part of the domain OR just a
standalone Win 2K server???

If it is just a standalone Win2K server, then YES, the password hashes
will float around on the network. That is because it is not a
Kerberos environment.

If it was a Kerberos env (i.e. Active Directory with domains etc) then
only the Kerberos service tickets would float around and not password
hashes or usernames.

saqib
http://www.full-disk-encryption.net


On 23 Nov 2006 22:34:34 -0000, lnrcmbymrhdcr () mailinator com
<lnrcmbymrhdcr () mailinator com> wrote:
Hello,
Not sure if appropriate list, but I was testing the flow through my network and noticed that every time I authenticate 
against a Windows 2000 Server, ettercap captures the following:


USER: xxxx.xxxxx  HASH: xxxx.xxxxx:"":"":B5868F57a
x3F34FC7C00000000000000000000000000000000:A109BED82C8BF6BE8A0E5EDFC42964CFE274Fa
x278CF27281E:116FB24C76E30E4A DOMAIN: ZZZZZZZ

Does this mean that the password is also floating about and can be accessed and read remotely?

What HASH is this as it does not look like 32 bit version?

Cheers



--
Saqib Ali, CISSP, ISSAP
http://www.full-disk-encryption.net
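
Added example, not part of the original thread: a Python check that reads a capture line in the layout quoted above and reports the byte length of each field, which is how to tell which NTLM response type crossed the wire. The field layout is assumed from the quoted capture, the classification uses the NTLM field sizes (24-byte LM and NT responses, 8-byte server challenge), and the sample values are constructed.

```python
import re

# Layout assumed from the capture quoted in this thread:
#   USER: <user> HASH: <user>:"":"":<LM field>:<NT field>:<challenge> DOMAIN: <domain>
CAPTURE_RE = re.compile(
    r'USER:\s*(?P<user>\S+)\s+HASH:\s*\S+?:"":"":'
    r'(?P<lm>[0-9A-Fa-f]+):(?P<nt>[0-9A-Fa-f]+):(?P<chal>[0-9A-Fa-f]+)'
    r'\s+DOMAIN:\s*(?P<domain>\S+)'
)

def classify(raw):
    """Parse one capture and name the NTLM response type from field lengths."""
    # Mail clients wrap long lines; this assumes the wrap fell inside a hex field.
    m = CAPTURE_RE.search(re.sub(r"\s*\n\s*", "", raw))
    if m is None:
        raise ValueError("not a capture line in the assumed layout")
    lm, nt, chal = (bytes.fromhex(m[k]) for k in ("lm", "nt", "chal"))
    if len(chal) != 8 or len(lm) != 24 or len(nt) < 24:
        kind = "unrecognised field lengths"
    elif len(nt) > 24:
        # NTLMv2: 16-byte proof followed by a variable-length blob.
        kind = "NTLMv2 response"
    elif lm[8:] == bytes(16):
        # LM field carries an 8-byte client challenge padded with 16 zero bytes.
        kind = "NTLMv1 response with extended session security"
    else:
        kind = "NTLMv1 response (LM and NT responses present)"
    return {
        "user": m["user"],
        "domain": m["domain"],
        "lengths": {"lm": len(lm), "nt": len(nt), "challenge": len(chal)},
        "kind": kind,
    }

# Constructed sample values (not taken from the thread), wrapped mid-field
# the same way the quoted capture was.
_LM = "1122334455667788" + "00" * 16
_NT = "A1B2C3D4E5F60718293A4B5C6D7E8F90A1B2C3D4E5F60718"
SAMPLE = (
    f'USER: jdoe  HASH: jdoe:"":"":{_LM[:20]}\n'
    f'{_LM[20:]}:{_NT}:0102030405060708 DOMAIN: EXAMPLE\n'
)

if __name__ == "__main__":
    print(classify(SAMPLE))
```

Each 24-byte field is a response computed for that one server challenge, which is why the values are 48 hex characters long rather than the 32 of a stored 16-byte hash.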

