On Wed, Jul 24, 2013 at 1:13 PM, Jim Henderson
On Wed, 24 Jul 2013 12:59:24 -0400, Greg Freemyer wrote:
I can say with confidence that at least one form of Windows XP authentication is attackable via rainbow tables (LM - Lan Manager).
NTLM is a pretty old system, and certainly at least at one time, it was possible to use rainbow tables against it. I *think* there's a newer NTLM (NTLMv2 perhaps) that uses salt, but it's been a while since I looked into it.
Keep in mind that Windows XP is also quite old - it's nearly out of support, but we're talking about pretty old technology here.
Salting is not a new technique either.

And XP may be old, but it is also relatively common to be somewhere in a Windows network. You know, the one PC that has to run XP because the specialized app it runs doesn't support Win7, so a policy exception was granted for it. Or maybe it's embedded in a printer, but is joined to the domain for support purposes.

Even Windows 2000 servers are common in larger Windows shops. Often sitting out in a test network or other area of disregarded servers.

I don't believe with either of them (XP/2000) Microsoft supports an authentication system that is not easily attacked by rainbow table based attacks.

If a network of 5,000 Windows boxes has a few old XP / Windows 2000 machines on it, bad guys will target those boxes for exploitation. They grab the SAM file, then crack any local admin accounts and any locally cached domain accounts (via rainbow tables), then use those new credentials to move around the network.

Cracked domain accounts are great on their face, and most orgs use the same local admin password on numerous machines, so a cracked local admin login/password off of an XP / Win2000 box may give you local admin access to systems with more sophisticated security.

Greg

Greg Freemyer
Chief Technology Officer
Intelligent Avatar Corporation
(678) 653-4860
Greg.Freemyer@gmail.com
http://www.linkedin.com/in/gregfreemyer
CNN/TruTV Aired Forensic Imaging Demo - http://insession.blogs.cnn.com/2010/03/23/how-computer-evidence-gets-retriev...
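The shared local admin password risk described in the message above can be audited from an inventory. The following is an added example, not part of the original thread; the host names, OS labels and the credential fingerprint labels are constructed, and the fingerprint is assumed to come from a hypothetical credential audit export in which equal labels mean the same local admin password.

```python
from collections import defaultdict

# Constructed inventory rows: (host, OS, local admin credential fingerprint).
# The fingerprint is an opaque label from a hypothetical audit export;
# equal labels mean the same local admin password is set on both hosts.
INVENTORY = [
    ("lab-print01", "Windows XP", "fp-A"),
    ("test-srv02", "Windows 2000", "fp-B"),
    ("hr-ws101", "Windows 7", "fp-A"),
    ("fin-ws207", "Windows 7", "fp-A"),
    ("dc-01", "Windows Server 2008 R2", "fp-C"),
    ("eng-ws330", "Windows 7", "fp-B"),
    ("kiosk-09", "Windows 7", "fp-D"),
]

LEGACY_OS = {"Windows XP", "Windows 2000"}  # the platforms named in the thread


def shared_admin_exposure(inventory, legacy_os=LEGACY_OS):
    """Map each legacy host to the non-legacy hosts sharing its local admin credential."""
    by_fp = defaultdict(list)
    for host, os_name, fp in inventory:
        by_fp[fp].append((host, os_name))
    exposure = {}
    for members in by_fp.values():
        legacy = [h for h, o in members if o in legacy_os]
        modern = sorted(h for h, o in members if o not in legacy_os)
        for host in legacy:
            exposure[host] = modern  # empty list: nothing else shares it
    return exposure


def unexposed_hosts(inventory, legacy_os=LEGACY_OS):
    """Non-legacy hosts whose local admin credential is not set on any legacy box."""
    exposure = shared_admin_exposure(inventory, legacy_os)
    exposed = {h for hosts in exposure.values() for h in hosts}
    return sorted(h for h, o, _ in inventory
                  if o not in legacy_os and h not in exposed)


if __name__ == "__main__":
    for legacy, hosts in sorted(shared_admin_exposure(INVENTORY).items()):
        print(f"{legacy}: local admin password also set on {hosts or 'no other host'}")
    print("not exposed via legacy hosts:", unexposed_hosts(INVENTORY))
```

Each legacy host with a non-empty list is a candidate for a unique local admin password or for removal from the domain.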