Decrypt W2K Password Hashes

Well you're all doing pretty decently so far, I'll put together a few points to answer your doubts (the numbering is not the same as the questions I asked, I'm too lazy right now..)

1) Active Directory is what coordinates and centralises your domains in the Win2k onwards world.. when you logon to the domain you authenticate with AD.. yes, the best way here would be to fire up l0phtcrack and sniff the hashes as they travel the network and then set them up to crack.. depending on the topology (switched / hubbed), you will need to consider ARP poisoning or some similar MiTM attack to see the traffic.

2) You all got it right about CPU.. cracking is very CPU intensive.. I'm not sure of whether a P4 with HT would be faster than an A64 but then again I'm heavily AMD biased with regard to performance on these issues (Intels higher clockspeed stats are designed to fool laymen).

Thats why the OpenMosix cluster (see our Linux section article) for password cracking is so successful. I'm essential using a 10 CPU system for the cracking, giving you extremely large gains.


3) Gl0bal got 3 factor authentication right.. Something you know -- like a password, something you have -- like a swipe card, and something you are -- like your fingerprint.

After an analysis of most of the 3rd factor mechanisms, I would go with fingerprint scanning as I think its the most mature technology.. voice recognition, retinal scanning and facial scanning are still weak (would you trust a security guard who was right only 90% of the time -- in other words out of every 10 people, he will let in 1 unauthorised user ?).

I know of one famous company with a *very* expensive facial recognition product.. you can actually bypass this stupid million $$ thing by printing a live-size image of a valid user on non glossy paper and then holding it up to the scanner !! So much for getting your money's worth.

4) Disabling syskey will damage your registry... so you wouldn't want to do that.. I'm not gonna answer the other syskey questions yet as I want more people to take a shot.

5) Precomputed hash tables - USCfan got it right, basically how does a password cracker work ? Lets have a look..

[code:1]
I get your encrypted password :

&$#@HdfhA9235

I want to try a dictionary attack against this password.. so I look at the first word in the dictionary.. say its 'aardvark'.. I compute the encrypted version of 'aardvark'

aardvark ----> GHD78623#$&#4

Since GHD78623#$&#4 and &$#@HdfhA9235 are not the same, I know this is not the right password... so I pick the next word.. which happens to be 'happy123' and encrypt that..

happy123 ----> &$#@HdfhA9235

Ahaah ! So now &$#@HdfhA9235 and &$#@HdfhA9235 match ! Therefore Happy123 is your password..

Now this happens lightning fast.. but reading the dictionary word, encrypting it, and then checking takes time.. so what if, just *once*.. I take my whole dictionary, and compute the hashes.. then the next time I need to crack passwords, I can skip that step ! All I do is read the precomputed hash, and compare to the new hash..

This brings down cracking time from days to hours and hours to minutes !!

While you're at it, why not generate precomputed hashes for all password possibilities from a-z A-Z 0-9 ? The hash table you'll get will be huge (a few GB at least), but you'll speed up your cracking alot.

If you want precomputed hash tables, LC5 has a hash generation tool. I've got some massive tables saved at work, but transferring 10's of GB's is not feasible.

[/code:1]

Another point, you might have noticed that 'happy123' gives you the right hash.. well what alot of people don't know is that happy123 is not the only phrase that will generate that hash !

In other words.. two pieces of data can yield the same hash. The algorithms are such that the chance of this happening is 1 in many millions, but it can happen. In other words, there is actually another string that will work in place of your password !!!

For all you know, someone might try typing 'donkey14324' and it will yield the same hash. For your computer.. this is fine, and it will log them in, even though 'technically' the password is different !

This is the basis for the recent attacks against MD5, which is the most commonly used hashing algorithm.. researchers have started discovering that it is easier to predict these 'collisions' in MD5, and in some cases, even create collisions on your own.. Thus I suggest that any of you who use MD5 at present consider switching to SHA-1.. the chance of collisions is less there.. since MD5 is a 128 bit hash and SHA-1 is a 160 bit hash.

This thread is picking up quite nicely.. one a couple more people contribute, I will move it to the Security & Firewalls section as the definitive password cracking thread.

Cheers,

2. What is the key length of the syskey encryption ?
- 128bit (of course it applies over the actual md5 pass hash).

3. Is life different if the syskey is stored on a syskey floppy disk ?
- well.. unless you have that floppy

4. What happens if you lose the syskey floppy ?
-- ALL HELL BREAKS LOOSE! :shock: :shock: :shock:

Not really, I just like the phrase.. especially pronounced "toughly", the hollywood-way
.. But maybe it does if you use microsoft's file encryption.:lol:

Otherwise, at most you'd need a windows reinstallation, though there has to be a way for the winblows to know to expect syskey from a floppy (somewhere in the registry propably), so maybe someone can change that delicatelly, by booting otherwise. Unless the whole registry is encrypted with the syskey's key, in which case, I think, bye bye settings -you'll need a new registry-.

Full marks Nske

hi to all,

would it be possible to have a tutorial with regards to the subject for just pure educational purposes. i think this is a great way of learning how password security really works so that we may be able to apply it in our networking lives in order to promote proper security in the workplace..

just a suggestion....

And a good one too.. lets see if we can pick up the best information from this thread.