Saturday, May 5, 2012

Crack Windows NTLM with Precomputed Hash Tables




Breaking encrypted passwords has been of interest to hackers for a long time,
and protecting them has always been one of the biggest security problems operating
systems have faced, with Microsoft's Windows being no exception.

Windows NT introduced the NTLM (NT LAN Manager) authentication method to provide
stronger authentication. The NTLM protocol was originally released in version
1.0 (NTLM), and was changed and fortified in NT SP6 as NTLMv2. When
exchanging files between hosts in a local area network, printing documents on
a networked printer or sending commands to a remote system, Windows uses
a protocol called CIFS, the Common Internet File System. CIFS uses NTLM
for authentication.

Breaking NTLM with precomputed tables

The following screenshot depicts a proof of concept implementation that accepts
an incoming CIFS connection, goes through the protocol negotiation phase with
the connecting client, sends out the static challenge, and disconnects the client
after receiving username and NTLM hash from it. The server also logs some
more information that the client conveniently sends along.
IceDragon wincatch # bin/wincatch
This is Alpha stage code from nologin.org
Distribution in any form is denied
Src Name: BARRIERICE
IP: 192.168.7.13
Username: Testuser
Primary Domain: BARRIERICE
Native OS: Windows 2002 Service Pack 2 2600
Long Password Hash:
3c19dcbdb400159002d8d5f8626e814564f3649f0f918666
That's a Windows XP machine connecting to the rogue server running on Linux.
The client is connecting from IP address 192.168.7.13. The username is "Testuser",
the name of the host is "BarrierIce", and the password hash was captured as well.
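
As an added example (not part of the original post or of the wincatch code), the Python sketch below parses output in the layout shown above and classifies the captured value by its length. The field names come from that output; the function names and category labels are assumptions made for this example.

```python
import re

# Sample copied from the wincatch output shown above.
SAMPLE = """\
Src Name: BARRIERICE
IP: 192.168.7.13
Username: Testuser
Primary Domain: BARRIERICE
Native OS: Windows 2002 Service Pack 2 2600
Long Password Hash:
3c19dcbdb400159002d8d5f8626e814564f3649f0f918666
"""

FIELD = re.compile(r"^([A-Za-z ]+):\s*(.*)$")
HEX = re.compile(r"^[0-9a-fA-F]+$")


def parse_capture(text):
    """Return the 'Key: value' fields; a value may sit on the following line."""
    record, pending = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        if not line:
            continue
        m = FIELD.match(line)
        if m:
            key, value = m.group(1).strip(), m.group(2).strip()
            record[key] = value
            pending = None if value else key  # empty value: expect it next
        elif pending:
            record[pending] = line
            pending = None
    return record


def classify_response(hex_value):
    """Classify a captured value by byte length (labels are hypothetical)."""
    if not HEX.match(hex_value) or len(hex_value) % 2:
        return "invalid"
    size = len(hex_value) // 2
    if size == 16:
        return "stored-hash-sized"        # size of an LM or NT hash at rest
    if size == 24:
        return "fixed-24-byte-response"   # LM/NTLMv1 (or LMv2) response size
    if size > 24:
        return "ntlmv2-sized-response"    # 16-byte proof plus variable blob
    return "unknown"
```

The 48 hex characters logged here are 24 bytes, the size of a challenge response rather than a 16-byte stored hash. Because the server's challenge is static, the same password always produces the same response, which is what makes precomputed tables applicable.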


Ophcrack is a free Windows password cracker based on rainbow tables. It is a very
efficient implementation of rainbow tables done by the inventors of the method. It comes
with a Graphical User Interface and runs on multiple platforms.

Follow the steps below to recover Windows user ID and password information:
1.) Point your browser to http://ophcrack.sourceforge.net/ and download the ophcrack live CD
image for your OS, depending on whether you run Windows XP or Vista.
