Full Disclosure mailing list archives
Re: NEW windows password encryption flaw..
From: 3APA3A <3APA3A () SECURITY NNOV RU>
Date: Thu, 24 Jul 2003 00:24:26 +0400
Dear Darren Bennett, Windows uses password hash in a same way as Unix uses cleartext password. Having password hash you can connect to Windows network without knowledge of cleartext password (I spent 2 minutes to modify smbclient to use hash instead of password and 5 minutes to test, you can try to do it as a challenge... Hint: all you need is to skip MD4 encoding if password is already looks like MD4 hash). So, cracking of Windows hashes gives you nothing in fact. --Wednesday, July 23, 2003, 9:48:51 PM, you wrote to full-disclosure () lists netsys com: DB> Is this new? I read about it on slashdot... DB> http://lasecpc13.epfl.ch/ntcrack/ DB> Basically, it seems that Microsoft has (yet again) screwed up the DB> implementation of their encryption scheme. This makes cracking any hash DB> a matter of seconds. Oops... -- ~/ZARAZA Существую лишь я сам, никуда не летя. (Лем) _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- NEW windows password encryption flaw.. Darren Bennett (Jul 23)
- Re: NEW windows password encryption flaw.. Chris Paget (Jul 23)
- Re: NEW windows password encryption flaw.. Corey Hart (Jul 23)
- Re: NEW windows password encryption flaw.. Jeremy Gaddis (Jul 23)
- Re: NEW windows password encryption flaw.. 3APA3A (Jul 23)
- Re: NEW windows password encryption flaw.. Darren Bennett (Jul 23)
- Off-Topic: Defcon Meeting? Daniel Berg (Jul 23)
- Re: Off-Topic: Defcon Meeting? Steve Bremer (Jul 24)
- Re: Off-Topic: Defcon Meeting? Thor Larholm (Jul 24)
- Re: Off-Topic: Defcon Meeting? 404 (Jul 24)
- RE: Off-Topic: Defcon Meeting? Robert Davies (Jul 24)
- Re: Off-Topic: Defcon Meeting? misiu_ (Jul 28)
- Off-Topic: Defcon Meeting! Daniel Berg (Jul 24)
- Re: Off-Topic: Defcon Meeting! Gwendolynn ferch Elydyr (Jul 28)
- Re: NEW windows password encryption flaw.. Darren Bennett (Jul 23)
- Re: Off-Topic: Defcon Meeting? Person (Jul 24)