Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Pen-Test
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Passwords with Lan Manager (LM) under Windows

from [Thor (Hammer of God)] Network Security [Permanent Link]
Subject: Re: Passwords with Lan Manager (LM) under Windows
Date: Thu, 22 Sep 2005 00:54:20 -0700 
I saw this one first, so I go top-down (It's getting late for me, so I'll
get right to it.)

First off-- don't just Google for it and reference a single article with
out-of-context "cut and paste" elements from:
http://www.microsoft.com/technet/itsolutions/cits/mo/smf/smfsecad.mspx

You quote:
"advisable to make IPsec-based authentication a part of the authentication
process"

The actual text reads:
"As mentioned earlier, L2TP relies on other protocols for its security. L2TP
authentication is best for the exchange of packets between the LAC and the
LNS. Therefore, it is advisable to make IPSec-based authentication a part of
L2TP."  Other quotes are similar..

My original post was to content regarding actual authentication protocol
mechanisms like LM, NTLM, NTLMv2 and Kerberos. The article you reference
does indeed use the phrase "IPSec Authentication," but as any who reads it
will see, the term is used to describe the higher level protocol deployment; a higher
level protocol that has, as I said before, 3 authentication mechanisms
available to establish a connection. Here's the article that should be
referenced:
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/ServerHelp/be7540ff-2a1d-47b4-8e7f-501ec692ad11.mspx

The relevant text being:
<meat>
Overview of authentication methods:
For authentication, IPSec allows you to use the Kerberos V5 protocol,
certificate-based authentication, or preshared key authentication.
</meat>

Which is what I said the first time.

And not to be blunt, but your previous post describing the IPSec channel setup of "system" and "client" is just wrong... the above link has many other references that will help you understand how IPSec Policies and component filters and actions work. The "2 parts" are the default negotiation, and the subsequent filter definitions. Both of which still require a PSK, Kerberos auth, or cert to be established.

The data is all right there if you want to check it out-- I don't see any reason to argue about it, and it's all right there in the documentation... If you want to discuss this off-list, (in a constructive way) I'm happy to do so, but I think we're done on the list... (except for my last response to the first message- then I'm hitting the sack ;)

t



----- Original Message ----- From: "Craig Wright" <cwright@bdosyd.com.au>
To: "Thor (Hammer of God)" <thor@hammerofgod.com>; <pand0ra.usa@gmail.com>;
<pen-test@securityfocus.com>
Sent: Thursday, September 22, 2005 12:01 AM
Subject: RE: Passwords with Lan Manager (LM) under Windows


PPPS

To drop a quote from Technet (Microsoft Corporation)
"IPsec based Authentication and integrity" and
"Initial security proposals involve using IPsec-based authentication"
"advisable to make IPsec-based authentication a part of the
authentication process"
"IPsec-based authentication is recommended"

To quote the "rmt-pi" working party from the IETF
"provided using IPsec-based authentication at the network layer"

"I'd have to say that there is no such thing..." - Please inform MSFT -
they seem to think there is

Craig

-----Original Message-----
From: Thor (Hammer of God) [mailto:thor@hammerofgod.com]
Sent: 22 September 2005 3:46
To: Craig Wright; pand0ra.usa@gmail.com; pen-test@securityfocus.com
Subject: Re: Passwords with Lan Manager (LM) under Windows

Well, that's an issue with the client, not NTLMv2.  NTLMv2 is tight.  LM
sucks- that's obvious (and it was IBM, not MS that gave us that one.)
And yes, you can use precomputed tables against NTLM hashes, but not
against NTLMv2... The NTLM hash is keyed off of the password, but NTLMv2
hashes up the password with the user's domain/user data when generating
the key...
You can't precompile that data into a rainbow, you know?

Regarding the "IPsec based auth" reference (here I go again), I'd have
to say that there is no such thing... IPSec negotiation in Windows can
be based on one of three mechanisms:  A pre-shared key, Kerberos, or a
cert-- it is not an authentication protocol in itself... (the cert being
the strongest IMO).

t


----- Original Message -----
From: "Craig Wright" <cwright@bdosyd.com.au>
To: "Thor (Hammer of God)" <thor@hammerofgod.com>;
<pand0ra.usa@gmail.com>; <pen-test@securityfocus.com>
Sent: Wednesday, September 21, 2005 10:05 PM
Subject: RE: Passwords with Lan Manager (LM) under Windows


Further to the last post
There are a number of issues with NTLMv2 and legacy applications such as
Windows RAS that cause lower levels of authentication

I still say that Kerberos or IPsec based auth is the best policy in
windows. LanMan, NTLMv1 or V2 are vulnerable.

Precomputed tables may have been uncommon 12 months ago - but that was
then and this is now.

Cain & Abel will use sorted Rainbow Tables for Cryptanalysis attacks

Craig

-----Original Message-----
From: Thor (Hammer of God) [mailto:thor@hammerofgod.com]
Sent: 22 September 2005 12:00
To: Craig Wright; pand0ra.usa@gmail.com; pen-test@securityfocus.com
Subject: Re: Passwords with Lan Manager (LM) under Windows


----- Original Message -----
From: "Craig Wright" <cwright@bdosyd.com.au>
To: <pand0ra.usa@gmail.com>; <pen-test@securityfocus.com>
Sent: Wednesday, September 21, 2005 12:32 PM
Subject: RE: Passwords with Lan Manager (LM) under Windows


Even NTLMv2  will break the hashing into chunks which are able to be
individually broken down.


I'm not sure what you mean... NTLMv2 uses a single 128bit key for the
hash, challenge and response...  Or are you referring to the NTLM2
session response key (56+56+16)? If so, that is not the same thing as
NTLMv2...
Can
you elaborate please ?

t







------------------------------------------------------------------------------
Audit your website security with Acunetix Web Vulnerability Scanner:

Hackers are concentrating their efforts on attacking applications on your website. Up to 75% of cyber attacks are launched on shopping carts, forms, login pages, dynamic content etc. Firewalls, SSL and locked-down servers are futile against web application hacking. Check your website for vulnerabilities to SQL injection, Cross site scripting and other web attacks before hackers do! Download Trial at:

http://www.securityfocus.com/sponsor/pen-test_050831
-------------------------------------------------------------------------------

[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Certification OPST, skarvin
Next by Date:  Re: Whitespace in passwords, Sahir Hidayatullah
Previous by Thread:  RE: Passwords with Lan Manager (LM) under Windows, Craig Wright
Next by Thread:  RE: Passwords with Lan Manager (LM) under Windows, Craig Wright
Indexes:  [Date] [Thread] [Top] [All Lists]