Re: kerberos!

From: Thor (thor_at_HAMMEROFGOD.COM)
Date: 09/28/04

  • Next message: Louis Solomon [SteelBytes]: "Re: GDI Replacing Tool"
    Date:         Mon, 27 Sep 2004 21:54:53 -0700

    Continuity check inline:

    ----- Original Message -----
    From: "David Ruschinek" <drusho@GMAIL.COM>
    Sent: Wednesday, September 08, 2004 3:09 AM
    Subject: Re: kerberos!

    > The Authentication used over netbios/SMB/CIFS connections (at least in
    > win2003 and winXPPro) is IWA (Integrated Windows Authentication).
    > IWA is a mixture of several protocol where the strongest is attempted
    > first and then the weaker one. IWA uses Kerberos 5, Kerberos 4,
    > NTLMv3, NTLMv2 and Lan Manager (LM).

    Actually, the client can specify the level- it is not always the "strongest
    first." And it is NTLMv2, NTLM, and LM. If you really have NTLMv3, how
    about gimme a copy? ;)

    > This is some the problems with IWA Authentication:
    > 1. Fall back to weaker protocols
    > 2. NTLM version backwards compatiblity
    > 3. Pasword hash is consistent (it is still better than basic though)
    > 4. Domain of remote machine can be sniffed

    Minimum levels can be set, so that there is no "fall back."

    > 2. NTLM version backwards compatiblity
    > NTLM has had several versions Windows 2003, XP and 2000 use version 3,
    > Windows NT used version 2.

    I think you mean "level" and not "version." And again, these could all be

    > 2. Password HASH is consistent
    > One of known issues with NTLM v2 was the 7 character hash. (every 7
    > characters is hashed with the same algorithm)
    > NTLM v2 would only process the first 2 blocks of 7 characters, this if
    > two passwords have Identical characters for the first 14 digits they
    > were the same password.
    > There is a popular password cracker called L0phtcrack:
    > in NTLMv3 the Password hash is still consistent.
    > About 1 year ago some professors built a machine to crack NTLMv2 and
    > v3 using password hash tables. I cannot find a link right now

    This is what really made me reply-- you're talking about the old LM hash,
    not NTLMv2 (or even NTLM for that matter.) And the "first two blocks" bit is
    not correct... The max 14 char pwd was split into 2 individual 7 char
    hashes, independently... But this is like, way super old, and not really
    worth talking about anymore. Yes, in Win2k, by default, on a stand-alone
    system, the LM hash would be stored. But you could set it not to, or just
    have a >14 char pwd and "bye bye lm hash." And Mark's point in the article
    was not "NTLMv2 is weak," it was that weaker methods could be used by
    default. AFA playback of NTLMv2 creds via MITM attacks, remember that by
    default, SMB communications between server and client will be signed if
    possible (and you can require it if you want to... ) That would pretty much
    nix the MITM stuff.

    > 3. Domain of remote machine can be sniffed
    > One of the requirements for NTLMv3 and Kerberos is the domain for
    > authentication.
    > This can be sniffed (Network Monitor or Ethereal).

    It can all be sniffed... In win2k an anonymous connection will get you far
    more than that... In fact, the domain is free info (so that the user can
    select which domain to log into...) No biggie there...

    Anyway, just thought I would chime in on a few things...

    NTBugtraq Editor's Note:

    Want to reply to the person who sent this message? This list is configured such that just hitting reply is going to result in the message coming to the list, not to the individual who sent the message. This was done to help reduce the number of Out of Office messages posters received. So if you want to send a reply just to the poster, you'll have to copy their email address out of the message and place it in your TO: field.

  • Next message: Louis Solomon [SteelBytes]: "Re: GDI Replacing Tool"