Passing the hash

Post by beagle on Thu Jul 03, 2008 7:55 pm

I've got a question. There's a technique called "Passing the hash", in which you simply feed the encrypted password into the challenge issued by the server you're trying to hack, rather than decrypt it using a password cracking tool such as L0phtCrack, which takes time and energy. You can then gain access to the server without knowledge of a valid password, just its encrypted hash.
That's in theory, anyway. My question is: What if the server has restrictions on it that require the password to be unencrypted? Is there a way around that, or do you have to decrypt the password yourself?
Please reply.


Re: Passing the hash

Post by int3grate on Sun Jul 06, 2008 9:23 pm

beagle wrote: I've got a question. There's a technique called "Passing the hash", in which you simply feed the encrypted password into the challenge issued by the server you're trying to hack, rather than decrypt it using a password cracking tool such as L0phtCrack, which takes time and energy. You can then gain access to the server without knowledge of a valid password, just its encrypted hash.
That's in theory, anyway. My question is: What if the server has restrictions on it that require the password to be unencrypted? Is there a way around that, or do you have to decrypt the password yourself?
Please reply.


This only works on Windows with NTLM passwords stored by the LSA (local security authority). This is useful for getting access to SMB shares and Terminal Services with stolen password hashes. Most modern networks use Kerberos or a stronger authentication protocol for almost everything, so these types of attacks are becoming less prevalent.


Re: Passing the hash

Post by beagle on Mon Jul 07, 2008 10:35 am

So I discovered.


Re: Passing the hash

Post by int3grate on Mon Jul 07, 2008 11:55 pm

It's a pretty good attack, and not many people know about it. There's a nice toolkit, created by Core Security, that will allow you to exploit these flaws. Learn more about it here: http://oss.coresecurity.com/projects/pshtoolkit.htm


Re: Passing the hash

Post by beagle on Tue Jul 08, 2008 9:59 am

Whoa. That site is AWESOME! I just downloaded IAM.exe from it.


Re: Passing the hash

Post by yourmysin on Tue Jul 15, 2008 8:12 pm

Insecure JavaScript implementations of hashing functions will allow you to replay the hash rather than cracking it. Sorry if this is a bit off topic, but I figured it may pique your interest.

Quite a few web development agencies use JavaScript hashing functions to prevent packet sniffers from grabbing the plaintext password of an insecure web page.
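The replay weakness described in the post above, as an added example that is not part of the original thread: a login that accepts a fixed client-side hash treats that hash as the password, while a single-use server nonce makes a captured wire value useless for a second login. All names and the sample password are constructed, and Node.js `crypto` stands in for the page's hashing script.

```javascript
// Added example: constructed data, hypothetical names throughout.
const crypto = require("crypto");

const sha256 = (s) => crypto.createHash("sha256").update(s).digest("hex");
const hmac = (key, msg) =>
  crypto.createHmac("sha256", key).update(msg).digest("hex");

// Constant-time comparison that tolerates missing or wrong-length input.
function safeEqual(a, b) {
  const x = Buffer.from(String(a));
  const y = Buffer.from(String(b));
  return x.length === y.length && crypto.timingSafeEqual(x, y);
}

const PASSWORD = "correct horse battery staple"; // constructed sample
const stored = new Map([["alice", sha256(PASSWORD)]]); // what the server keeps

// Scheme A: page script sends sha256(password); server compares as-is.
function staticLogin(user, sentHash) {
  return stored.has(user) && safeEqual(sentHash, stored.get(user));
}

// Scheme B: server issues a single-use nonce; client answers with
// HMAC(sha256(password), nonce), so the wire value differs per login.
const pending = new Map();
function issueChallenge(user) {
  const nonce = crypto.randomBytes(16).toString("hex");
  pending.set(user, nonce);
  return nonce;
}
function challengeLogin(user, response) {
  const nonce = pending.get(user);
  pending.delete(user); // a nonce is accepted at most once
  if (!nonce || !stored.has(user)) return false;
  return safeEqual(response, hmac(stored.get(user), nonce));
}

function demo() {
  const wireA = sha256(PASSWORD); // value visible on the wire in scheme A
  const replayA = staticLogin("alice", wireA); // accepted without the password
  const wireB = hmac(sha256(PASSWORD), issueChallenge("alice"));
  const firstB = challengeLogin("alice", wireB); // legitimate login
  issueChallenge("alice"); // a later login gets a fresh nonce
  const replayB = challengeLogin("alice", wireB); // captured value rejected
  return { replayA, firstB, replayB };
}

console.log(demo());
```

In scheme B the stored hash is still a password-equivalent secret for anyone who obtains the server's copy, which is the same property pass-the-hash relies on in NTLM. Serving the login page over TLS protects the password in transit without either scheme.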


