Penetration Testing mailing list archives
Re: Passwords with Lan Manager (LM) under Windows
From: "Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]" <sbradcpa () pacbell net>
Date: Fri, 23 Sep 2005 09:47:21 -0700
There's an excellent chapter on Passwords in the Johansson/Riley "Protect your Windows Network"
Amazon.com: Books: Protect Your Windows Network : From Perimeter to Data (Microsoft Technology):
http://www.amazon.com/exec/obidos/tg/detail/-/0321336437/qid=1127493996/sr=8-1/ref=pd_bbs_1/104-1141862-3682369?v=glance&s=books&n=507846 philippe.nospam.oechslin () objectif-securite nospam ch wrote:
Hello Cedric!The characterset used for LanMan passwords is the OEM character set used in original IBM PCs.The reference to 142 characters probably refers to the number of chars that you could type on a standard keyboard.In recent Window OSs there is no limitation about the character set. You can use any 8bit character that you are able to type in a text box or on a command line.A quick test on my XP system show that characters above 127 can be used in "net user /add" command. Strangely enough some groups of them generate the same LMHash while generating different NThashes: 128,135 129,154 130,144 131,133,160 132,142 134,143 136,137,138 139,140,141,161 145,146 147,149,162 148,153 150,151,163 152,255 164,165 228,229 232,237 which yields 106 different character above 127. from the lower 128 chars, tab, space and delete are not easy not enter in an input field. This leaves us with a total of 231 working characters... cheers, Philippe ------------------------------------------------------------------------------Audit your website security with Acunetix Web Vulnerability Scanner: Hackers are concentrating their efforts on attacking applications on your website. Up to 75% of cyber attacks are launched on shopping carts, forms, login pages, dynamic content etc. Firewalls, SSL and locked-down servers are futile against web application hacking. Check your website for vulnerabilities to SQL injection, Cross site scripting and other web attacks before hackers do! Download Trial at:http://www.securityfocus.com/sponsor/pen-test_050831 -------------------------------------------------------------------------------
------------------------------------------------------------------------------Audit your website security with Acunetix Web Vulnerability Scanner: Hackers are concentrating their efforts on attacking applications on your website. Up to 75% of cyber attacks are launched on shopping carts, forms, login pages, dynamic content etc. Firewalls, SSL and locked-down servers are futile against web application hacking. Check your website for vulnerabilities to SQL injection, Cross site scripting and other web attacks before hackers do! Download Trial at:
http://www.securityfocus.com/sponsor/pen-test_050831 -------------------------------------------------------------------------------
Current thread:
- RE: Passwords with Lan Manager (LM) under Windows, (continued)
- RE: Passwords with Lan Manager (LM) under Windows Craig Wright (Sep 22)
- Re: Passwords with Lan Manager (LM) under Windows Thor (Hammer of God) (Sep 22)
- RE: Passwords with Lan Manager (LM) under Windows Craig Wright (Sep 22)
- RE: Passwords with Lan Manager (LM) under Windows Craig Wright (Sep 22)
- RE: Passwords with Lan Manager (LM) under Windows Craig Wright (Sep 22)
- Re: Passwords with Lan Manager (LM) under Windows Thor (Hammer of God) (Sep 22)
- RE: Passwords with Lan Manager (LM) under Windows Craig Wright (Sep 22)
- Re: Passwords with Lan Manager (LM) under Windows Thor (Hammer of God) (Sep 22)
- RE: Passwords with Lan Manager (LM) under Windows Craig Wright (Sep 22)
- Re: Passwords with Lan Manager (LM) under Windows philippe . nospam . oechslin (Sep 23)
- Re: Passwords with Lan Manager (LM) under Windows Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP] (Sep 24)
- RE: Passwords with Lan Manager (LM) under Windows Craig Wright (Sep 22)