Re: kerberos!

From: Thor (thor_at_HAMMEROFGOD.COM)
Date: 09/28/04

  • Next message: Louis Solomon [SteelBytes]: "Re: GDI Replacing Tool" 
    Date:         Mon, 27 Sep 2004 21:54:53 -0700
To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM

    Continuity check inline:

    ----- Original Message -----
    From: "David Ruschinek" <drusho@GMAIL.COM>
    To: <NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM>
    Sent: Wednesday, September 08, 2004 3:09 AM
    Subject: Re: kerberos!

    > The Authentication used over netbios/SMB/CIFS connections (at least in
    > win2003 and winXPPro) is IWA (Integrated Windows Authentication).
    > IWA is a mixture of several protocol where the strongest is attempted
    > first and then the weaker one. IWA uses Kerberos 5, Kerberos 4,
    > NTLMv3, NTLMv2 and Lan Manager (LM).

    Actually, the client can specify the level- it is not always the "strongest
    first." And it is NTLMv2, NTLM, and LM. If you really have NTLMv3, how
    about gimme a copy? ;)

    > This is some the problems with IWA Authentication:
    > 1. Fall back to weaker protocols
    > 2. NTLM version backwards compatiblity
    > 3. Pasword hash is consistent (it is still better than basic though)
    > 4. Domain of remote machine can be sniffed

    Minimum levels can be set, so that there is no "fall back."

    > 2. NTLM version backwards compatiblity
    > NTLM has had several versions Windows 2003, XP and 2000 use version 3,
    > Windows NT used version 2.

    I think you mean "level" and not "version." And again, these could all be
    set.

    > 2. Password HASH is consistent
    > One of known issues with NTLM v2 was the 7 character hash. (every 7
    > characters is hashed with the same algorithm)
    > NTLM v2 would only process the first 2 blocks of 7 characters, this if
    > two passwords have Identical characters for the first 14 digits they
    > were the same password.
    > There is a popular password cracker called L0phtcrack:
    > http://www.atstake.com/products/lc/
    > in NTLMv3 the Password hash is still consistent.
    > About 1 year ago some professors built a machine to crack NTLMv2 and
    > v3 using password hash tables. I cannot find a link right now

    This is what really made me reply-- you're talking about the old LM hash,
    not NTLMv2 (or even NTLM for that matter.) And the "first two blocks" bit is
    not correct... The max 14 char pwd was split into 2 individual 7 char
    hashes, independently... But this is like, way super old, and not really
    worth talking about anymore. Yes, in Win2k, by default, on a stand-alone
    system, the LM hash would be stored. But you could set it not to, or just
    have a >14 char pwd and "bye bye lm hash." And Mark's point in the article
    was not "NTLMv2 is weak," it was that weaker methods could be used by
    default. AFA playback of NTLMv2 creds via MITM attacks, remember that by
    default, SMB communications between server and client will be signed if
    possible (and you can require it if you want to... ) That would pretty much
    nix the MITM stuff.

    > 3. Domain of remote machine can be sniffed
    > One of the requirements for NTLMv3 and Kerberos is the domain for
    > authentication.
    > This can be sniffed (Network Monitor or Ethereal).

    It can all be sniffed... In win2k an anonymous connection will get you far
    more than that... In fact, the domain is free info (so that the user can
    select which domain to log into...) No biggie there...

    Anyway, just thought I would chime in on a few things...
    T

    -----
    NTBugtraq Editor's Note:

    Want to reply to the person who sent this message? This list is configured such that just hitting reply is going to result in the message coming to the list, not to the individual who sent the message. This was done to help reduce the number of Out of Office messages posters received. So if you want to send a reply just to the poster, you'll have to copy their email address out of the message and place it in your TO: field.
    -----

  • Next message: Louis Solomon [SteelBytes]: "Re: GDI Replacing Tool"

    Relevant Pages

    • Re: Socket Server with Encryption help
      ... After reading your post I got a very strong suspicion that regardless of your saying that you read "a lot of papers about Symmetric, Asymmetric, Hash, Envelope and Signature" you didn't read even distantly enough to be able to implement something even distantly secure. ... The classical paper on three party authenticated protocols design was written by Needham and Schroeder "Using encryption for authentication in large networks of computers" in 1978, where they described several protocols, one of witch was modified, strengthened and extended a bit later to become what is now known as Kerberos. ... I've started to develop a server and client socket classes with encryption. ...
      (microsoft.public.dotnet.security)
    • Re: Custom Authentication with WSE 2.0
      ... Get the Client to hash the password before sending the password over. ... Based on the custom handler in web.config Wse instantiates the custom ... to encrypt the passwords (the username for example), so that way I can come ...
      (microsoft.public.dotnet.framework.webservices.enhancements)
    • Re: Webservice or not Advice
      ... Http is not a guarantted protocol though. ... longas the client does the same) as a aecondary argument. ... also calculate a hash value once the dataset is received. ... I'm wondering since im calling up a webservice to pass a ...
      (microsoft.public.dotnet.distributed_apps)
    • Re: public key vs passwd authentication?
      ... > original salt and the sequence number. ... the client might possibly want to keep a log of all server "salts" ... if any client hash value leaks that is for an iteration less than ... currently be used by a server. ...
      (comp.security.ssh)
    • Re: Passwords with Lan Manager (LM) under Windows
      ... I already said why you can't pre-compile NTLMv2: The hash generated for the ... As I said earlier "Kerberos support with IPsec" And by this yes ...
      (Pen-Test)