Re: Lotus Notes .id file pw recover (Was Cached NT/W2k passwords)

From: Peter Parker (peterparker@fastmail.fm)
Date: Fri Jun 11 2004 - 09:55:04 EDT


search for a tool called idr (id recovery).. a good dictionary and
bruteforcing tool... had worked for me earlier :)

On Thu, 10 Jun 2004 06:43:19 -0500, "Romes, Randall J."
<Rromes@larsonallen.com> said:
> Anyone familiar with a means of recovering/cracking the password for
> Lotus Notes which resides in the .id file?
>
> Anyone know how the password is encrypted/hashed?
>
> Thanks
> Randy
>
> -----Original Message-----
> From: Nicolas RUFF (lists) [mailto:ruff.lists@edelweb.fr]
> Sent: Tuesday, May 25, 2004 10:17 AM
> To: pen-test
> Subject: Re: Cached NT/W2k passwords
>
>
> > Has anyone been able to decrypt the hash password from
> > the cached login on NT or W2K?
> > Where is it located? In the registry? If so what's
> > the key....
> > I've been looking around the only thing I can find is
> > how to disable this feature :(
>
> Hi,
>
> If you're talking about the CachedLogonsCount registry key, there has
> been a thread 2 weeks ago on FOCUS-MS:
>
> http://www.securityfocus.com/archive/88/362946/2004-05-21/2004-05-27/0
>
> Basically, storage is either in LSA Secrets or NL$ registry keys
> (depending on Windows version), and there is no publicly available tool
> to decrypt the hash. The stored value is a salted hash:
> NTLM(username + NTLM(password)).
> This is hard to crack by brute-force if password > 6 chars.
>
> Regards,
> - Nicolas RUFF
> -----------------------------------
> Security Consultant
> EdelWeb (http://www.edelweb.fr/)
> -----------------------------------

-- 
  peter
  peterparker@fastmail.fm


This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:56 EDT