Vulnerability Development mailing list archives

Re: NT SysKey should be breakable


From: mikael.olsson () ENTERNET SE (Mikael Olsson)
Date: Sun, 10 Oct 1999 15:00:31 +0200


Todd Sabin wrote:

I think the things most worth looking at are what can you do if you
e.g., steal a machine or backup tape, but don't get the SYSKEY.  These
are the types of attacks it's meant to protect against.


Point taken.

I was thinking along the lines "what if you can't upload pwdump
to the host?", but then you can't upload code to get to the
syskey either... Wonder where I'd left my brain.

Anyhow, speaking of getting hold of an encrypted SAM file, either
through being able to download it or getting hold of a backup
or an rdisk...

Even if syskey only encrypts the password hashes, I'm willing to bet
that there's going to be at least ONE password that's less than 8
chars, and we know what happens to the last half of the password
hashes when the password is less than 8 chars, don't we?
*wink* *wink*
- Can we say "known plaintext"? :-)

--
Mikael Olsson, EnterNet Sweden AB, Box 393, S-891 28 ÖRNSKÖLDSVIK
Phone: +46-(0)660-105 50           Fax: +46-(0)660-122 50
Mobile: +46-(0)70-248 00 33
WWW: http://www.enternet.se        E-mail: mikael.olsson () enternet se
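As an added illustration of the known-plaintext property Mikael alludes to (example code written for this archive page, not from the original post): an audit over a constructed pwdump-style dump that flags accounts whose LM hash ends in the well-known constant, i.e. whose password was shorter than 8 characters. Account names and hash values are constructed; the constant half, the "KGS!@#$%" plaintext and the pwdump record layout are assumed from the LM hash design.

```python
from dataclasses import dataclass
from typing import List

# Second half every LM hash gets when the password has fewer than 8 characters:
# DES-encrypting the constant "KGS!@#$%" under a key of seven null bytes.
LM_EMPTY_HALF = "aad3b435b51404ee"
LM_EMPTY_HASH = LM_EMPTY_HALF * 2          # LM hash of the empty password
NO_LM_MARKER = "no password"               # pwdump's marker for an absent LM hash

@dataclass
class LmFinding:
    user: str
    rid: int
    status: str  # "no_lm" | "short_password" | "full_length" | "unknown"

def classify_lm_hash(lm_hex: str) -> str:
    """Classify one LM hash purely from the known-plaintext property of its halves."""
    h = lm_hex.strip().lower()
    if h.startswith(NO_LM_MARKER) or h == LM_EMPTY_HASH:
        return "no_lm"
    if len(h) != 32 or any(c not in "0123456789abcdef" for c in h):
        return "unknown"
    if h[16:] == LM_EMPTY_HALF:
        return "short_password"   # 1-7 characters: second 7-byte key half was all zeros
    return "full_length"          # 8-14 characters: both halves carry key material

def audit_pwdump(dump_lines: List[str]) -> List[LmFinding]:
    """Parse pwdump-style 'user:rid:lmhash:nthash:::' lines and flag weak LM halves."""
    findings = []
    for raw in dump_lines:
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) < 4 or not fields[1].isdigit():
            continue                 # not a dump record; skip rather than guess
        user, rid, lm_hash = fields[0], int(fields[1]), fields[2]
        findings.append(LmFinding(user, rid, classify_lm_hash(lm_hash)))
    return findings

# Constructed sample dump; the hash values are illustrative, not real accounts.
SAMPLE_DUMP = [
    "# constructed for this example",
    "Administrator:500:0123456789abcdefaad3b435b51404ee:0123456789abcdef0123456789abcdef:::",
    "Guest:501:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::",
    "svc_backup:1001:0123456789abcdeffedcba9876543210:fedcba9876543210fedcba9876543210:::",
    "krbtgt:502:NO PASSWORD*********************:fedcba9876543210fedcba9876543210:::",
]

if __name__ == "__main__":
    for f in audit_pwdump(SAMPLE_DUMP):
        print(f"{f.user:<16} rid={f.rid:<5} lm={f.status}")
```

Any "short_password" finding is an account whose LM hash is effectively a single 7-character DES key, which is the known-plaintext foothold the post describes; the usual remediation is to stop storing LM hashes and enforce longer passwords.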


