RE: Brute-forcing cached Windows login password hashes

["Ben Greenberg" <Ben.Greenberg () senet-int com>]

Thanks much!

-----Original Message-----
From: Jerome Athias [mailto:jerome.athias () free fr] 
Sent: Thursday, July 26, 2007 1:35 AM
To: Ben Greenberg
Cc: pen-test () securityfocus com
Subject: Re: Brute-forcing cached Windows login password hashes

Hi Ben,

Ben Greenberg a écrit :
> Greetings all,
>  
> My question is regarding the encrypted password hashes that Windows stores
in
> the registry of the last 10 logins to a workstation.
>
> I read the original white paper written by Arnaud Pilon and I've used his
> cachedump tool to extract the password hashes from the registry. What I'm
> wondering is what type of hash those passwords use. Is it straight MD4?
Some references:
http://support.microsoft.com/kb/913485 (global view)

http://www.microsoft.com/technet/community/columns/secmgmt/sm1005.mspx
Quote:
"Windows also stores a password verifier on domain members when a domain 
user logs on to that domain member. This verifier can be used to 
authenticate a domain user if the computer is not able to access the 
domain controller. In Windows XP the password verifier is also used to 
speed up domain logon when the computer is cold-booted. The password 
verifier is also commonly called a cached credential. It is computed by 
taking the NT hash, concatenating the user name to it, and then hashing 
the result using the MD4 hash function.

Internally, Windows represents passwords in 256-character UNICODE 
strings. The logon dialog is limited to 127 characters, however. 
Therefore, the longest password that can be used to log on interactively 
to a computer running Windows is 127 characters. Theoretically, programs 
such as services can use longer passwords, but they must be set 
programmatically because the password change dialog will not allow a 
password longer than 127 characters."


> I know that each hash is salted with a machine-specific unique string. What
I
> am unclear on is what exactly the password hash is and how it can be
> brute-forced.

> I know that there is a patch for John the Ripper, but every
> mention I can find refers to a two year old version of John. Does anyone
know
> if the most recent version has this patch in it already?
Probably. Make sure to check Cain & Abel (oxid.it) also...
> Also, is anyone familiar with any rainbow tables for cracking these
passwords? Are rainbow
> tables possible for these hashes because of the salting?
>   
Well, it is possible: 
http://www.freerainbowtables.com/index-rainbowtables-tables-mscache.html
(link #2 is 404 i know but #1 should work) Note: these tables were 
precomputed salted with the login "Administrator"
But with one set of tables for each salt, it should not be so useful or 
usable (unless you have a big cluster to precompute thetables in less 
than an hour :p anf if so, please let me know! ;))...
> Thanks all.
Good luck
/JA

------------------------------------------------------------------------
This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!

http://www.cenzic.com/downloads
------------------------------------------------------------------------