Message-ID: <1058997209.2790.34.camel@el-cap>
From: DARREN.L.BENNETT at saic.com (Darren Bennett)
Subject: NEW windows password encryption flaw..
Here is a Yahoo story on the same problem... Others seem to think that
it is indeed a problem (and one that ONLY affects Windows).
http://story.news.yahoo.com/news?tmpl=story&cid=620&ncid=620&e=1&u=/nf/20030723/bs_nf/21952
-Darren
On Wed, 2003-07-23 at 13:24, 3APA3A wrote:
> Dear Darren Bennett,
>
> Windows uses the password hash in the same way as Unix uses the cleartext
> password. Having the password hash, you can connect to a Windows network
> without knowledge of the cleartext password (I spent 2 minutes to modify
> smbclient to use the hash instead of the password and 5 minutes to test, you can
> try to do it as a challenge... Hint: all you need is to skip MD4
> encoding if the password already looks like an MD4 hash). So, cracking of
> Windows hashes gives you nothing in fact.
>
>
> --Wednesday, July 23, 2003, 9:48:51 PM, you wrote to full-disclosure@...ts.netsys.com:
>
> DB> Is this new? I read about it on slashdot...
>
> DB> http://lasecpc13.epfl.ch/ntcrack/
>
> DB> Basically, it seems that Microsoft has (yet again) screwed up the
> DB> implementation of their encryption scheme. This makes cracking any hash
> DB> a matter of seconds. Oops...
--
-----------------------------------------------
Darren Bennett
CISSP, Certified Unix Admin., MCSE, MCSA, MCP +I
Sr. Systems Administrator/Manager
Science Applications International Corporation
Advanced Systems Development and Integration
-----------------------------------------------