Penetration Testing mailing list archives
Re: Passwords with Lan Manager (LM) under Windows
From: Tim <pand0ra.usa () gmail com>
Date: Tue, 20 Sep 2005 11:55:26 -0600
The hash is not case sensitive, everything is pushed to uppercase. As for the 142 Chars I know it supports 0-9,A-Z,special chars, and some Alt-ASCII characters but I don't know to what extent. On 9/20/05, Cedric.Baechler () vtg admin ch <Cedric.Baechler () vtg admin ch> wrote:
Hi, Lan Manager (LM) is one of the oldest authentication protocols that Microsoft has used. It was first introduced with Windows 3.11 and is not very secureThe hash is case-insensitive. * The character set is limited to 142 characters. * The hash is broken down into 2-7 character chunks. If the password is shorter than 14 characters, the password will be padded with nulls to get the password to 14 characters. * The hash result is a 128-bit value. * The hash is one-way function. Does anyone know which 142-character set is used? Thanks in advance, Cedric ------------------------------------------------------------------------------ Audit your website security with Acunetix Web Vulnerability Scanner: Hackers are concentrating their efforts on attacking applications on your website. Up to 75% of cyber attacks are launched on shopping carts, forms, login pages, dynamic content etc. Firewalls, SSL and locked-down servers are futile against web application hacking. Check your website for vulnerabilities to SQL injection, Cross site scripting and other web attacks before hackers do! Download Trial at: http://www.securityfocus.com/sponsor/pen-test_050831 -------------------------------------------------------------------------------
-- Tim Van Cleave, CISSP, NSA IAM, CXE AIM - pand0rausa MSN - m0rt15 Yahoo - pand0ra_usa ------------------------------------------------------------------------------ Audit your website security with Acunetix Web Vulnerability Scanner: Hackers are concentrating their efforts on attacking applications on your website. Up to 75% of cyber attacks are launched on shopping carts, forms, login pages, dynamic content etc. Firewalls, SSL and locked-down servers are futile against web application hacking. Check your website for vulnerabilities to SQL injection, Cross site scripting and other web attacks before hackers do! Download Trial at: http://www.securityfocus.com/sponsor/pen-test_050831 -------------------------------------------------------------------------------
Current thread:
- Passwords with Lan Manager (LM) under Windows Cedric.Baechler (Sep 20)
- Re: Passwords with Lan Manager (LM) under Windows Tim (Sep 21)
- <Possible follow-ups>
- RE: Passwords with Lan Manager (LM) under Windows Craig Wright (Sep 21)
- Re: Passwords with Lan Manager (LM) under Windows Thor (Hammer of God) (Sep 22)
- RE: Passwords with Lan Manager (LM) under Windows Craig Wright (Sep 22)
- Re: Passwords with Lan Manager (LM) under Windows Thor (Hammer of God) (Sep 22)
- RE: Passwords with Lan Manager (LM) under Windows Craig Wright (Sep 22)
- Re: Passwords with Lan Manager (LM) under Windows Thor (Hammer of God) (Sep 22)
- RE: Passwords with Lan Manager (LM) under Windows Craig Wright (Sep 22)
- RE: Passwords with Lan Manager (LM) under Windows Craig Wright (Sep 22)
- RE: Passwords with Lan Manager (LM) under Windows Craig Wright (Sep 22)
- Re: Passwords with Lan Manager (LM) under Windows Thor (Hammer of God) (Sep 22)
(Thread continues...)