NTLM v2 implementation
From: S.Leyers (s.leyers@subdimension.com) Date: 12/20/01
- Previous message: Amoediun Trepcoze: "RE: question regarding SAM file / l0phtcrack / pwdump2"
- Next in thread: H C: "Re: NTLM v2 implementation"
- Reply: H C: "Re: NTLM v2 implementation"
- Reply: Thor@HammerofGod.com: "Re: NTLM v2 implementation"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "S.Leyers" <s.leyers@subdimension.com> To: "Focus MS List" <focus-ms@securityfocus.com> Date: Thu, 20 Dec 2001 12:57:15 +0100
Hi all,
This is a follow up of an ongoing thread but I made it a new thread as the
subject is quite different.
This should also answer some questions I saw in the 'question regarding SAM
file / l0phtcrack / pwdump2' thread.
Here we go:
After working with pwdump and L0phtcrack, I would like to implement NTLM v2
hash on my network to render "7+ characters" passwords useful (as seen by
other people: no matter how long, how many special characters you use, how
strong your password policy is, it's all about CPU horsepower and the 7
first characters).
I found the required info in the following MS Articles:
Q239869 - How to Enable NTLM 2 Authentication for Windows 95/98/2000 and NT
(http://support.microsoft.com/default.aspx?scid=kb;EN-US;q239869)
Q147706 - How to Disable LM Authentication on Windows NT
(http://support.microsoft.com/default.aspx?scid=kb;en-us;Q147706)
Q161990 & Q225230 are almost irrelevant in this case (don't flame me for that
one, I know it still has to be implemented).
As you have guessed, I still have a few questions about it due to the
following experiment and some variants of it:
- I connect to a NT4 sp6a Domain using a W2K sp2 machine with a relatively
simple password.
- I apply the required registry settings on the w2k machine
(LMCompatibilityLevel = 3), reboot the client, logon (should be using NTLM
v2 now) and change the password to a, let's say, 10 characters password.
- Logoff and logon successfully to the domain and finally re-run pwdump (only
one DC in this test environment, so no sync problem).
Big surprise ... L0phtcrack still sees my password as an LM hash, lowering the
utility of my 10-character password to a 7-character one in a matter of
seconds (showing e.g.: ???????G#k). Finding the missing characters is then a
matter of hours and big CPU.
So what part am I missing?
Any suggestions, experience or comments are welcome.
Just a little more background:
- LMCompatibilityLevel = 3: Send NTLM 2 response only. Clients use NTLM 2
authentication, and use NTLM 2 session security if the server supports it;
domain controllers accept LM, NTLM, and NTLM 2 authentication.
- It is a NT4 domain, using NT4 and W2k clients. All updated to latest
service packs.
- I'm still messing around with the NTLM v2 hash, so I cannot yet set the DCs'
LMCompatibilityLevel to 4 or 5.
_____________________________________________________________________
This message has been checked for all known viruses by the
MessageLabs Virus Scanning Service. For further information visit
http://www.messagelabs.com/stats.asp
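Editor's note on the "???????G#k" display in the message above: that pattern is a direct consequence of how the LAN Manager hash is built (uppercase, pad to 14 bytes, split into two independent 7-byte halves, DES-encrypt a constant under each), so a 10-character password leaves only three real characters in the second half, which is why the cracker recovers that half in seconds and has to work far harder on the first. Also worth knowing: LMCompatibilityLevel controls which response the client puts on the wire, while whether the DC stores an LM hash at all is governed separately (the NoLMHash setting, available from Windows 2000 SP2, Microsoft article Q299656); pwdump reads what is stored. The Python below is an added example written for this page, not code from the poster, L0phtcrack or pwdump. It models the LM preprocessing and the DES key expansion exactly, but deliberately omits the final DES encryption of "KGS!@#$%", so it produces no real hash values; the password "correctG#k" and the 69-symbol charset are constructed for the demonstration.

```python
"""Added example: structure of the LAN Manager (LM) hash and why a 10-character
password cracks as "???????G#k".  Constructed for this page; not L0phtcrack or
pwdump code.  The final DES step (encrypting the constant "KGS!@#$%" under each
half) is deliberately omitted, so no real hash values are produced; everything
before it, and the attacker's resulting search space, is modelled exactly."""

LM_MAX_LEN = 14          # longer passwords get no LM hash stored (the "blank" hash)
HALF_LEN = 7             # each half is hashed independently of the other


def lm_halves(password: str):
    """Return the two 7-byte blocks the LM hash is derived from, or None when
    the password is longer than 14 characters (Windows then stores the
    constant blank LM hash instead).  Assumes an ASCII password; real LM
    uppercases through the OEM code page."""
    if len(password) > LM_MAX_LEN:
        return None
    data = password.upper().encode("ascii").ljust(LM_MAX_LEN, b"\x00")
    return data[:HALF_LEN], data[HALF_LEN:]


def des_key_from_7bytes(k7: bytes) -> bytes:
    """Expand a 7-byte half into the 8-byte DES key LM uses: 7 key bits per
    byte, with the low bit set so each byte has odd parity."""
    assert len(k7) == HALF_LEN
    bits = int.from_bytes(k7, "big")           # 56 key bits
    out = bytearray()
    for i in range(8):
        seven = (bits >> (49 - 7 * i)) & 0x7F  # next 7 key bits
        b = seven << 1
        if bin(b).count("1") % 2 == 0:         # make parity odd
            b |= 1
        out.append(b)
    return bytes(out)


def search_space(password_len: int, charset_size: int):
    """Brute-force candidates an attacker must try for each half.  Case is lost
    to the uppercasing, so the charset is upper-case letters, digits and
    symbols.  A half consisting only of NUL padding is a single known constant,
    which also tells the attacker the password is 7 characters or shorter."""
    first = charset_size ** min(password_len, HALF_LEN)
    second_chars = max(0, min(password_len, LM_MAX_LEN) - HALF_LEN)
    second = charset_size ** second_chars
    return first, second


def cracked_view(password: str, first_done: bool = False,
                 second_done: bool = True) -> str:
    """Render a partially cracked password the way a cracker displays it:
    '?' for positions still unknown, recovered characters otherwise (case as
    later fixed up against the NT hash)."""
    if lm_halves(password) is None:
        return "<no LM hash>"
    shown = []
    for idx, ch in enumerate(password[:LM_MAX_LEN]):
        done = first_done if idx < HALF_LEN else second_done
        shown.append(ch if done else "?")
    return "".join(shown)


if __name__ == "__main__":
    pw = "correctG#k"                       # constructed 10-character sample
    h1, h2 = lm_halves(pw)
    print(h1, h2)                            # b'CORRECT' b'G#K\x00\x00\x00\x00'
    print(des_key_from_7bytes(h1).hex())
    charset = 69                             # 26 upper + 10 digits + 33 symbols
    print(search_space(len(pw), charset))    # (69**7, 69**3): 328,509 tries for half two
    print(cracked_view(pw))                  # ???????G#k
    print(lm_halves("A" * 15))               # None: 15+ characters leave no LM hash
```

The point of the two numbers returned by search_space is the asymmetry the poster saw: with a 69-symbol alphabet the second half of a 10-character password is about 3.3e5 candidates, the first half about 7.4e12, and neither half benefits from the other's strength. Passwords of 15 characters or more produce no LM hash at all, which is the other lever besides NoLMHash.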