Re: Stealing NT passwords through WiFi?

From: Ugen (
Date: 05/20/04

  • Next message: 3APA3A: "Re: Stealing NT passwords through WiFi?"
    Date: Thu, 20 May 2004 11:31:38 -0400
    To: 3APA3A <3APA3A@SECURITY.NNOV.RU>, VulnDev <>

    3APA3A wrote:

    >Wireless device has no copy of password hash in this scenario, what it
    >has is 192 bit response, each 64 bits of response are independently
    >calculated from challenge (challege is calcualated in different way for
    >MS-CHAP and MS-CHAPv2 and this is only difference) and 56 bits of the
    >user's password hash as a key. You can restore password by bruteforcing
    >or restore password hash by breaking 56 bit DES encryption. In case of
    >MS-CHAP and LM hash is used, password can be bruteforced in relatively
    >short time because of limited alphabet and possibility to crack first 7
    >characters of the password independently. MS-CHAPv2 doesn't support LM
    I am under impression that as an authentication server the rogue system
    can require any version of
    MS-CHAP it chooses. If the original system is configured to support both
    (and XP supplicant does,
    not even sure if there is an easy way to force v2. only) the reply will
    include LM hash. Got to test
    that, of course.

    >It doesn't matter if you recover cleartext password by bruterforcing
    >password or you recover password hash by cracking DES, because with
    >password hash you can connect to any resource without cleartext
    I took a shortcut in description here indeed :) This is the crucial
    point though - I haven't found
    ready made tools to work this step, though there was mention somewhere
    that l0phtcrack is able
    to use MS-CHAP (no version specified) data as an input. This is where
    I'd welcome good

    >U> Does it make sense to anyone else?
    >Of cause, MS-CHAP is less secure than Kerberos and even NTLMv2 (MS-CHAP
    >is actually NTLM, but MS-CHAPv2 is not NTLMv2, it's MS-CHAP with
    >modification to challenge calculation and with mutual authentication and
    >same weak cryptography). I would not recommend you to use user's logon
    >account for wireless communications. Have different account for this
    >case with limited rights.
    I am not planning to use this method. I am trying hard to make sure
    others don't either. I am aware
    of a some large entities that consider using existing NT logons for
    exactly this method (PEAP/MS-CHAP)
    of wireless users authentication. The default XP supplicant will only
    use current system logon credentials
    (or a certificate, but thats another story) and that is something the
    method gets.
    In any case credentials obtained this way would get an attacker access
    to given wireless network later on.

  • Next message: 3APA3A: "Re: Stealing NT passwords through WiFi?"