Re: Using hashes, not text credentials...?
From: Ben Greenbaum (bgreenbaum@securityfocus.com)Date: 07/23/01
- Previous message: EPiC: "Re: Hacked NT/2K box"
- In reply to: centipede: "Using hashes, not text credentials...?"
- Next in thread: Paul Cardon: "Re: Using hashes, not text credentials...?"
- Reply: Paul Cardon: "Re: Using hashes, not text credentials...?"
- Reply: Todd Sabin: "Re: Using hashes, not text credentials...?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Mon, 23 Jul 2001 10:29:12 -0600 (MDT) From: Ben Greenbaum <bgreenbaum@securityfocus.com> To: centipede <centiped@netvision.net.il> Subject: Re: Using hashes, not text credentials...? Message-ID: <Pine.GSO.4.30.0107231025450.862-100000@mail>
Yes, check out:
http://www.securityfocus.com/bid/233
Exactly what you describe is possible with LanMan hashes for all NT4.0
<sp4, and any after that with
HKLM\System\CurrentControlSet\control\LSA\LMCompatibilityLevel
not set to 4.
Ben Greenbaum
Director of Product Development - SIA/VulDB
SecurityFocus
http://www.securityfocus.com
On Sun, 22 Jul 2001, centipede wrote:
> Hi.
>
> Is there a way, in a NT4.0 environment, one can use a 2nd user hashes
> (caught using
> l0pht for instance) in a resource usage authentication (thus making the
> hashes cracking
> process unnecessary) ?
>
> thx
> centipede.
>
- Previous message: EPiC: "Re: Hacked NT/2K box"
- In reply to: centipede: "Using hashes, not text credentials...?"
- Next in thread: Paul Cardon: "Re: Using hashes, not text credentials...?"
- Reply: Paul Cardon: "Re: Using hashes, not text credentials...?"
- Reply: Todd Sabin: "Re: Using hashes, not text credentials...?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
