Re: Defeating password cracking
From: neopara (neopara@shaw.ca)
Date: 02/20/03
Date: Wed, 19 Feb 2003 23:09:28 -0600
From: neopara <neopara@shaw.ca>
To: security-basics <security-basics@securityfocus.com>
Nice suggestion, but it doesn't stop the "linux password changers" boot
disks because most let you choose the user by the RID (hex value) and
not just the name. Still a good idea to use though, another extra layer
of security but not the complete solution.
Paul Sliwowski
On Tue, 2003-02-18 at 13:37, dave wrote:
> Simple ways to defeat password recovery boot-disk and password crackers,
> on NT/2000 machines.
>
> I was bored and trying different characters that L0phtCrack and other
> cracking programs could not detect. While doing so I discovered that by
> using these same characters in user names you could prevent the Boot-disk
> password changers from being able to change the Admin and other passwords.
>
> Possibly this is old news but I found it quite interesting. I am posting it
> to see if anyone else has found similar results, and maybe even ways to
> defeat this.
>
> 1. The character list: These are all ALT characters that L0phtCrack and
> Advanced NT Security Explorer could not detect. I made the password 5
> characters long and added them to the custom character sets. For my test,
> after testing all of them, I decided to use Alt-251 (v) it is the square
> root symbol but shows as a small v in the cracking programs, or not at all
> in the password recovery boot disks.
> 1-32
> 127-130
> 132
> 134
> 135
> 142-146
> 148
> 153-159
> 164-255
> 0127
> 0131
> 0135
> 0149
> 0160-0167
> 0170-0172
> 0176-0178
> 0181-0183
> 0186-0189
> 0191
> 0196-0199
> 0201
> 0209
> 0214
> 0220
> 0223
> 0228-0231
> 0233
> 0241
> 0246
> 0247
>
> 2. Defeating password crackers: Ok so now we make a user name "joev"
> (without the quotes) and we make the password "1234v". Well I spent 3 days
> and could not get the password cracked even after I added it to the custom
> character sets; maybe I am just an amateur. So please let me know if I am
> doing something wrong. Notice the username displays as joev in L0phtCrack
> and the others. Also try using sid2user and other user information
> utilities on it. Most will tell you the user does not exist, whether you
> add the special character or put it as a small v. Even the W2000 Resource
> Kit "showmbrs.exe" does not display the special character.
>
> 3. Ok so now we have to prevent the Password recovery boot disks from being
> able to change the passwords. I had the "Linux password changer" and the
> one from Win/sysinternals.
>
> 4. First, no matter what you change the name of the built-in administrator
> account to you can always change the password with these tools, I am
> assuming it is because the SID is always the same. You cannot disable it so
> had to come up with a way to get around that. So I simply created a group
> called "no access" added the built in administrator account to it. I added
> deny logon locally and deny access this computer from the network
> privileges, and took away all access to the drives, essentially disabling
> it.
>
> 5. Ok now we made joev a member of the admin group. We boot to the
> Password recovery disk. The users except for joev show normal he shows as
> joe. Since we know his real username we try entering it that way, and the
> way it displays, either way we get cannot find user. I could change any
> password except for the joev. If we change the built in admin account's
> password all is great, of course we cannot log in as him. If we use one of
> these Alt characters in all the usernames we essentially can prevent any of
> the passwords (except the built in admin account) from being changed.
>
> 6. Well now I know there are other ways of editing the registry, installing
> a separate installation of the OS etc. etc.. But I believe this is a pretty
> cool way of thwarting the basic "hacker" that thinks he is going to walk up
> to your system and boot to this disk and change the password and get in.
> Further it is nice to know that there are passwords you can make that even
> the common crackers cannot crack.
>
> Well this is my little discovery your thoughts and counter-thoughts are
> greatly appreciated. I do not mean this to be an end-all way of defeating
> these programs, but every little bit helps.
>
> ______________________
> Dave Kleiman
> dave@netmedic.net
> www.netmedic.net
-- Nothing More, For Me to Say, About my life, A Life of Dreams....
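
Added example, not part of either message: a short Python audit showing why the reply's point holds. An account's RID comes from its SID, so a renamed built-in Administrator or a name containing a character a tool cannot display is still identified by the same hex RID. The domain sub-authority values and account names below are constructed, and `make_sid` and `audit` are hypothetical helper names.

```python
import struct

BUILTIN_ADMIN_RID = 500  # well-known RID of the built-in Administrator account

def parse_sid(raw: bytes) -> str:
    """Decode a binary SID: revision, sub-authority count, 48-bit big-endian
    identifier authority, then little-endian 32-bit sub-authorities."""
    if len(raw) < 8 or len(raw) != 8 + 4 * raw[1]:
        raise ValueError("malformed SID")
    authority = int.from_bytes(raw[2:8], "big")
    subs = struct.unpack("<%dI" % raw[1], raw[8:])
    return "-".join(["S", str(raw[0]), str(authority), *map(str, subs)])

def make_sid(*subs: int) -> bytes:
    """Build a binary NT-authority SID (used only for the constructed sample)."""
    return bytes([1, len(subs)]) + (5).to_bytes(6, "big") + struct.pack(
        "<%dI" % len(subs), *subs)

def audit(accounts):
    """Report each account by RID, independent of how its name renders."""
    rows = []
    for name, raw in accounts:
        sid = parse_sid(raw)
        rid = int(sid.rsplit("-", 1)[1])
        rows.append({
            "name": name,
            "sid": sid,
            "rid_hex": "%08X" % rid,  # hex form, as the reply describes
            "builtin_admin": sid.startswith("S-1-5-21-") and rid == BUILTIN_ADMIN_RID,
            "non_ascii_name": not name.isascii(),
        })
    return rows

# Constructed sample: domain sub-authorities and account names are made up.
DOMAIN = (21, 1111111111, 2222222222, 3333333333)
SAMPLE = [
    ("renamed-root", make_sid(*DOMAIN, 500)),   # renamed built-in Administrator
    ("joe\u221a", make_sid(*DOMAIN, 1003)),     # name ending in the square root sign
    ("Guest", make_sid(*DOMAIN, 501)),
]

if __name__ == "__main__":
    for row in audit(SAMPLE):
        print(row)
```

The `non_ascii_name` flag is useful on its own in an account review, since names that do not render in common tools are easy to overlook.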