RE: Brute-forcing cached Windows login password hashes

From: Ben Greenberg (Ben.Greenberg@senet-int.com)
Date: Thu Jul 26 2007 - 08:53:55 EDT


Thanks much!

-----Original Message-----
From: Jerome Athias [mailto:jerome.athias@free.fr]
Sent: Thursday, July 26, 2007 1:35 AM
To: Ben Greenberg
Cc: pen-test@securityfocus.com
Subject: Re: Brute-forcing cached Windows login password hashes

Hi Ben,

Ben Greenberg a écrit :
> Greetings all,
>
> My question is regarding the encrypted password hashes that Windows stores
in
> the registry of the last 10 logins to a workstation.
>
> I read the original white paper written by Arnaud Pilon and I've used his
> cachedump tool to extract the password hashes from the registry. What I'm
> wondering is what type of hash those passwords use. Is it straight MD4?
Some references:
http://support.microsoft.com/kb/913485 (global view)

http://www.microsoft.com/technet/community/columns/secmgmt/sm1005.mspx
Quote:
"Windows also stores a password verifier on domain members when a domain
user logs on to that domain member. This verifier can be used to
authenticate a domain user if the computer is not able to access the
domain controller. In Windows XP the password verifier is also used to
speed up domain logon when the computer is cold-booted. The password
verifier is also commonly called a cached credential. It is computed by
taking the NT hash, concatenating the user name to it, and then hashing
the result using the MD4 hash function.

Internally, Windows represents passwords in 256-character UNICODE
strings. The logon dialog is limited to 127 characters, however.
Therefore, the longest password that can be used to log on interactively
to a computer running Windows is 127 characters. Theoretically, programs
such as services can use longer passwords, but they must be set
programmatically because the password change dialog will not allow a
password longer than 127 characters."

> I know that each hash is salted with a machine-specific unique string. What
I
> am unclear on is what exactly the password hash is and how it can be
> brute-forced.

> I know that there is a patch for John the Ripper, but every
> mention I can find refers to a two year old version of John. Does anyone
know
> if the most recent version has this patch in it already?
Probably. Make sure to check Cain & Abel (oxid.it) also...
> Also, is anyone familiar with any rainbow tables for cracking these
passwords? Are rainbow
> tables possible for these hashes because of the salting?
>
Well, it is possible:
http://www.freerainbowtables.com/index-rainbowtables-tables-mscache.html
(link #2 is 404 i know but #1 should work) Note: these tables were
precomputed salted with the login "Administrator"
But with one set of tables for each salt, it should not be so useful or
usable (unless you have a big cluster to precompute thetables in less
than an hour :p anf if so, please let me know! ;))...
> Thanks all.
Good luck
/JA

------------------------------------------------------------------------
This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!

http://www.cenzic.com/downloads
------------------------------------------------------------------------



This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:57:58 EDT