RE: ADS Password Storage Protection



I haven't seen a modified SMB client work on XP Pro and above since SMB
signing was enabled. People keep telling me it's possible, but when I
say show me, it doesn't work.

-----Original Message-----
From: Christian.Assfalg@xxxxxxxxxxxxxxxxxxxxxxxxxxx
[mailto:Christian.Assfalg@xxxxxxxxxxxxxxxxxxxxxxxxxxx]
Sent: Thursday, July 20, 2006 2:25 AM
To: Roger A. Grimes; security-basics@xxxxxxxxxxxxxxxxx
Subject: AW: ADS Password Storage Protection

However, all this discussion is based on the assumption that a cracker
actually HAS the hash, and actually needs the clear-text password. As
mentioned several times, you can apparently perfectly authenticate with
the hash only by using a modified SMB client. So why crack the
password at all?
