Continuity check inline:
----- Original Message -----
From: "David Ruschinek" <drusho@GMAIL.COM>
To: <NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM>
Sent: Wednesday, September 08, 2004 3:09 AM
Subject: Re: kerberos!
The Authentication used over netbios/SMB/CIFS connections (at least in
win2003 and winXPPro) is IWA (Integrated Windows Authentication).
IWA is a mixture of several protocol where the strongest is attempted
first and then the weaker one. IWA uses Kerberos 5, Kerberos 4,
NTLMv3, NTLMv2 and Lan Manager (LM).
Actually, the client can specify the level- it is not always the "strongest
first." And it is NTLMv2, NTLM, and LM. If you really have NTLMv3, how
about gimme a copy? ;)
This is some the problems with IWA Authentication:
1. Fall back to weaker protocols
2. NTLM version backwards compatiblity
3. Pasword hash is consistent (it is still better than basic though)
4. Domain of remote machine can be sniffed
Minimum levels can be set, so that there is no "fall back."
2. NTLM version backwards compatiblity
NTLM has had several versions Windows 2003, XP and 2000 use version 3,
Windows NT used version 2.
I think you mean "level" and not "version." And again, these could all be
set.
2. Password HASH is consistent
One of known issues with NTLM v2 was the 7 character hash. (every 7
characters is hashed with the same algorithm)
NTLM v2 would only process the first 2 blocks of 7 characters, this if
two passwords have Identical characters for the first 14 digits they
were the same password.
There is a popular password cracker called L0phtcrack:
http://www.atstake.com/products/lc/
in NTLMv3 the Password hash is still consistent.
About 1 year ago some professors built a machine to crack NTLMv2 and
v3 using password hash tables. I cannot find a link right now
This is what really made me reply-- you're talking about the old LM hash,
not NTLMv2 (or even NTLM for that matter.) And the "first two blocks" bit is
not correct... The max 14 char pwd was split into 2 individual 7 char
hashes, independently... But this is like, way super old, and not really
worth talking about anymore. Yes, in Win2k, by default, on a stand-alone
system, the LM hash would be stored. But you could set it not to, or just
have a >14 char pwd and "bye bye lm hash." And Mark's point in the article
was not "NTLMv2 is weak," it was that weaker methods could be used by
default. AFA playback of NTLMv2 creds via MITM attacks, remember that by
default, SMB communications between server and client will be signed if
possible (and you can require it if you want to... ) That would pretty much
nix the MITM stuff.
3. Domain of remote machine can be sniffed
One of the requirements for NTLMv3 and Kerberos is the domain for
authentication.
This can be sniffed (Network Monitor or Ethereal).
It can all be sniffed... In win2k an anonymous connection will get you far
more than that... In fact, the domain is free info (so that the user can
select which domain to log into...) No biggie there...
Anyway, just thought I would chime in on a few things...
T
-----
NTBugtraq Editor's Note:
Want to reply to the person who sent this message? This list is configured such
that just hitting reply is going to result in the message coming to the list,
not to the individual who sent the message. This was done to help reduce the
number of Out of Office messages posters received. So if you want to send a
reply just to the poster, you'll have to copy their email address out of the
message and place it in your TO: field.
-----
