RE: Defeating password cracking
From: dave (dave@netmedic.net)
Date: 02/18/03
- Previous message: Steve: "Re: Ye Olde OWA Topic (Was RE: Website inside or outside domain)"
- Maybe in reply to: dave: "Defeating password cracking"
- Next in thread: dave: "RE: Defeating password cracking"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "dave" <dave@netmedic.net> To: "'Wilcox, Stephen'" <StephenWilcox@universalcomputersys.com>, <focus-ms@securityfocus.com> Date: Tue, 18 Feb 2003 17:49:34 -0500
Yes, Stephen, that looks true. But a simple password with just one of those
non-printable characters, i.e. (Alt-251), would be easy to remember.
_____________________
Dave Kleiman
dave@netmedic.net
www.netmedic.net
>> -----Original Message-----
>> From: Wilcox, Stephen [mailto:StephenWilcox@universalcomputersys.com]
>> Sent: Tuesday, February 18, 2003 17:08
>> To: dave; focus-ms@securityfocus.com
>> Subject: RE: Defeating password cracking
>>
>> Dave,
>>
>> Here is an old article you might be interested in
>>
>> http://online.securityfocus.com/infocus/1554. Note Myth #2.
>>
>>
>> -----Original Message-----
>> From: dave [mailto:dave@netmedic.net]
>> Sent: Tuesday, February 18, 2003 1:36 PM
>> To: focus-ms@securityfocus.com
>> Subject: Defeating password cracking
>>
>>
>> Simple ways of defeating password recovery boot disks and password
>> crackers on NT/2000 machines.
>>
>> I was bored and trying different characters that L0phtCrack and other
>> cracking programs could not detect. While doing so, I discovered that by
>> using these same characters in user names you could prevent the boot-disk
>> password changers from being able to change the Admin and other
>> passwords.
>>
>> Possibly this is old news, but I found it quite interesting. I am posting
>> it to see if anyone else has found similar results, and maybe even ways
>> to defeat this.
>>
>> 1. The character list: These are all ALT characters that L0phtCrack and
>> Advanced NT Security Explorer could not detect. I made the password 5
>> characters long and added them to the custom character sets. For my
>> test, after testing all of them, I decided to use Alt-251 (√); it is the
>> square root symbol, but shows as a small v in the cracking programs, or
>> not at all in the password recovery boot disks.
>> 1-32
>> 127-130
>> 132
>> 134
>> 135
>> 142-146
>> 148
>> 153-159
>> 164-255
>> 0127
>> 0131
>> 0135
>> 0149
>> 0160-0167
>> 0170-0172
>> 0176-0178
>> 0181-0183
>> 0186-0189
>> 0191
>> 0196-0199
>> 0201
>> 0209
>> 0214
>> 0220
>> 0223
>> 0228-0231
>> 0233
>> 0241
>> 0246
>> 0247
>>
>> 2. Defeating password crackers: Ok, so now we make a user name "joe√"
>> (without the quotes) and we make the password "1234√". Well, I spent 3
>> days and could not get the password cracked even after I added it to the
>> custom character sets; maybe I am just an amateur. So please let me know
>> if I am doing something wrong. Notice the username displays as joev in
>> L0phtCrack and the others. Also try using sid2user and other user
>> information utilities on it. Most will tell you the user does not exist,
>> whether you add the special character or put it as a small v. Even the
>> W2000 Resource Kit "showmbrs.exe" does not display the special character.
>>
>> 3. Ok, so now we have to prevent the password recovery boot disks from
>> being able to change the passwords. I had the "Linux boot-disk password
>> changer" and the one from Win/sysinternals.
>>
>> 4. First, no matter what you change the name of the built-in
>> administrator account to, you can always change the password with these
>> tools; I am assuming it is because the SID is always the same. You cannot
>> disable it, so I had to come up with a way to get around that. So I simply
>> created a group called "no access" and added the built-in administrator
>> account to it. I added deny logon locally and deny access to this
>> computer from the network privileges, and took away all access to the
>> drives, essentially disabling it.
>>
>> 5. Ok, now we made joe√ a member of the admin group. We boot to the
>> password recovery disk. The users except for joe√ show normally; he shows
>> as joe. Since we know his real username we try entering it that way, and
>> the way it displays; either way we get "cannot find user". I could change
>> any password except for joe√. If we change the built-in admin account's
>> password all is great; of course, we cannot log in as him. If we use one
>> of these Alt characters in all the usernames we essentially can prevent
>> any of the passwords (except the built-in admin account) from being
>> changed.
>>
>> 6. Well, now I know there are other ways of editing the registry,
>> installing a separate installation of the OS, etc. But I believe this is
>> a pretty cool way of thwarting the basic "hacker" that thinks he is going
>> to walk up to your system and boot to this disk and change the password
>> and get in. Further, it is nice to know that there are passwords you can
>> make that even the common crackers cannot crack.
>>
>> Well, this is my little discovery; your thoughts and counter-thoughts are
>> greatly appreciated. I do not mean this to be an end-all way of defeating
>> these programs, but every little bit helps.
>>
>> ______________________
>> Dave Kleiman
>> dave@netmedic.net
>> www.netmedic.net
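An added example in Python, not code from the original post or from any of the tools it names, modelling the code-page mismatch behind the behaviour Dave describes: Alt-251 is byte 0xFB in the OEM code page (CP437), where it is the square-root sign U+221A, but the same byte is "û" in the ANSI code page (CP1252), and U+221A cannot be encoded in CP1252 at all, so a tool that works in ANSI or brute-forces only printable ASCII never represents or generates it. The account and password names are constructed samples; Windows' best-fit substitution, which renders U+221A as a small "v", is not reproduced here.

```python
# Added example, not code from the original post or from any tool it names.
# It models the OEM (CP437) vs ANSI (CP1252) code-page mismatch behind
# "Alt" characters in NT/2000 account names and passwords.
import string
from typing import Optional

def alt_code_to_char(code: str) -> str:
    """Map an Alt code typed on the numeric keypad to a character.
    Codes without a leading zero go through the OEM code page (CP437);
    codes with a leading zero go through the ANSI code page (CP1252)."""
    codepage = "cp1252" if code.startswith("0") else "cp437"
    return bytes([int(code) & 0xFF]).decode(codepage, errors="replace")

ALT_251 = alt_code_to_char("251")        # '\u221a', the square-root sign

def ansi_view(name: str) -> Optional[str]:
    """What an ANSI-only (CP1252) tool can represent of `name`, or None if
    the name contains a character CP1252 cannot encode at all."""
    try:
        name.encode("cp1252")
    except UnicodeEncodeError:
        return None
    return name

def oem_bytes_read_as_ansi(name: str) -> str:
    """The OEM (CP437) bytes of `name` as misread by a tool assuming CP1252;
    an account lookup using this string will not match the real account."""
    return name.encode("cp437").decode("cp1252")

def in_search_space(password: str, charset: str) -> bool:
    """True only if a brute force over `charset` could ever emit `password`."""
    return all(c in charset for c in password)

if __name__ == "__main__":
    user, pw = "joe" + ALT_251, "1234" + ALT_251      # constructed samples
    print(ansi_view(user))                            # None
    print(oem_bytes_read_as_ansi(user))               # joeû
    print(in_search_space(pw, string.printable))      # False
    # Adding the look-alike 'v' or the ANSI 'û' to a custom set is not enough:
    print(in_search_space(pw, string.printable + "vû"))      # False
    print(in_search_space(pw, string.printable + ALT_251))   # True
```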
- Next message: Lee, Alex (NHQ)-EDS: "RE: Windows station permissions, remote control programs, lower priviledge accounts"