RE: Windows XP salted hashed verification of domain passwords

[Matthew Webster <awakenings () mindspring com>]

Michael,

     Yes, I am aware of the difficulties.  I want to find out, can it be done?  How effective would a brute force 
attack be?  What is the risk?

Thanks,

Matt

-----Original Message-----
> From: Michael Hendrickx <Michael.Hendrickx () du ae>
> Sent: Mar 5, 2007 1:42 AM
> To: Matthew Webster <awakenings () mindspring com>, pen-test <pen-test () securityfocus com>
> Subject: RE: Windows XP salted hashed verification of domain passwords
>
> Dear,
>
> MD4 is a one way hash, though cryptographic collisions are found against
> it, the clear text password cannot be derived straight away, unless a
> brute force attack is performed against the hashes.
>
> Thanks,
>
> Michael Hendrickx
> Senior Applications & Systems Analyst - Enterprise IT Security
> Technology security & Risk Management
>
>
> Emirates Integrated Telecommunications Company, PJSC
> P.O. Box 502666, Dubai, U.A.E.
>
> Tel (Dir)  : +971 4 3693919
> Fax         : +971 4 3604414   
> www.du.ae
> -----Original Message-----
> From: listbounce () securityfocus com [mailto:listbounce () securityfocus com]
> On Behalf Of Matthew Webster
> Sent: Saturday, March 03, 2007 12:12 AM
> To: pen-test
> Subject: Windows XP salted hashed verification of domain passwords
>
> Folks,
>
>    For domain accounts, the passwords are not kept on a system.  The
> verification is salted and hashed with md4 twice.  I am trying to assess
> the following risks.  1) What is the danger that that verification could
> be misused on another system?  2) From that salted, hashed verification,
> can the password be derived?  How likely is this?
>
>     Also, how would one perform a pen test against those salted, hashed
> verifications?  Lets assume in the registry no one was ignorant enough
> to put the registry key which provides the password.
>
> Thanks,
>
> Matt
>
>
>
> ------------------------------------------------------------------------
> This List Sponsored by: Cenzic
>
> Need to secure your web apps?
> Cenzic Hailstorm finds vulnerabilities fast.
> Click the link to buy it, try it or download Hailstorm for FREE.
>
> http://www.cenzic.com/products_services/download_hailstorm.php?camp=7016
> 00000008bOW
> ------------------------------------------------------------------------
>
>
> This email and any attachments may contain confidential information. If you or your organization are not the intended 
> recipient and have received them in error, please delete them and contact du. If the content of this email does not 
> relate to du's business, du does not endorse it. Without exception, du does not enter into agreements by exchange of 
> emails and nothing in this mail shall be construed or interpreted as binding du or creating any obligation on behalf 
> of du. You should check attachments for viruses before opening.
>
> Authorised, issued and fully paid up share capital of AED 4 billion
>
> Commercial Licence No. 576513; Commercial Registration No. 77967




------------------------------------------------------------------------
This List Sponsored by: Cenzic

Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.

http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW
------------------------------------------------------------------------