I've got a question. There's a technique called "Passing the hash", in which you simply feed the encrypted password into the challenge issued by the server you're trying to hack, rather than decrypt it using a password cracking tool such as 10phtcrack, which takes time and energy. You can then gain access to the server without knowledge of a valid password, just it's encrypted hash.
That's in theory, anyway. My question is: What if the server has restrictions on it that require the password to be unencrypted? Is there a way around that, or do you have to decrypt the password yourself?
Please reply.
Passing the hash
6 posts • Page 1 of 1
Passing the hash
by beagle on Thu Jul 03, 2008 7:55 pm
([msg=6502]see Passing the hash[/msg])
011000100110010101100001011001110110110001100101
- beagle
- Poster
- Posts: 244
- Joined: Wed Jul 02, 2008 2:37 pm
- Location: Chico, CA
- Blog: View Blog (0)
Re: Passing the hash
by int3grate on Sun Jul 06, 2008 9:23 pm
([msg=6712]see Re: Passing the hash[/msg])
beagle wrote:I've got a question. There's a technique called "Passing the hash", in which you simply feed the encrypted password into the challenge issued by the server you're trying to hack, rather than decrypt it using a password cracking tool such as 10phtcrack, which takes time and energy. You can then gain access to the server without knowledge of a valid password, just it's encrypted hash.
That's in theory, anyway. My question is: What if the server has restrictions on it that require the password to be unencrypted? Is there a way around that, or do you have to decrypt the password yourself?
Please reply.
This only works on Windows with NTLM passwords stored by the LSA (local security authority). This is useful for getting access to SMB shares and Terminal Services with stolen password hashes. Most modern networks use Kerberos or a stronger authentication protocol for almost everything, so these types of attacks are becoming less prevalent.
- int3grate
- New User
- Posts: 38
- Joined: Tue May 27, 2008 7:54 pm
- Blog: View Blog (0)
Re: Passing the hash
by beagle on Mon Jul 07, 2008 10:35 am
([msg=6743]see Re: Passing the hash[/msg])
So I discovered.
011000100110010101100001011001110110110001100101
- beagle
- Poster
- Posts: 244
- Joined: Wed Jul 02, 2008 2:37 pm
- Location: Chico, CA
- Blog: View Blog (0)
Re: Passing the hash
by int3grate on Mon Jul 07, 2008 11:55 pm
([msg=6804]see Re: Passing the hash[/msg])
It's a pretty good attack, and not many people know about it. There's a nice toolkit, created by core security that will allow you to exploit these flaws. Learn more about it here: http://oss.coresecurity.com/projects/pshtoolkit.htm
- int3grate
- New User
- Posts: 38
- Joined: Tue May 27, 2008 7:54 pm
- Blog: View Blog (0)
Re: Passing the hash
by beagle on Tue Jul 08, 2008 9:59 am
([msg=6837]see Re: Passing the hash[/msg])
Whoa. That site is AWESOME! I just downloaded IAM.exe from it.
011000100110010101100001011001110110110001100101
- beagle
- Poster
- Posts: 244
- Joined: Wed Jul 02, 2008 2:37 pm
- Location: Chico, CA
- Blog: View Blog (0)
Re: Passing the hash
by yourmysin on Tue Jul 15, 2008 8:12 pm
([msg=7497]see Re: Passing the hash[/msg])
Insecure javascript implementations of hashing functions will allow you to replay the hash rather then cracking it. Sorry if this is a bit off topic but I figured it may spike your interest.
Quite a few web development agencies use javascript hashing functions to prevent packet sniffers from grabbing the plaintext password of an insecure web page.
Quite a few web development agencies use javascript hashing functions to prevent packet sniffers from grabbing the plaintext password of an insecure web page.
A+, Network+, MCTS(70-620), Security+, CCNA
- yourmysin
- Experienced User
- Posts: 84
- Joined: Mon Apr 21, 2008 9:02 pm
- Location: Newport, Maine, USA
- Blog: View Blog (0)
6 posts • Page 1 of 1
Who is online
Users browsing this forum: No registered users and 0 guests