Date: Thu, 24 Jul 2005 10:24:37 -0400
From: Who cares what the hell goes into a Gecos field anyway!
 <[email protected]>
To: [email protected]
Subject: Windows NT rantings from the L0pht

I didn't ask to be cc'd into the rantings of the MS Borg Marketing
Juggernaut but since I'm here...

I find this hilarious. The people at MS should know better.

I haven't been following this thread tremendously but I've seen
bits and pieces. Recently there was an atrocious article in WindowsNT
magazine, where they stated it would take 5000 or so years to break the
passwords; thus put policy in place to have users change their passwords
every 2500 years. HELLO? I think these people aren't getting it.

Let's shed some light on things shall we?

1. Thank you very little MS for dropping any reference to the l0pht,
hobbit, or myself in reference to your recent LM-Hash fix. If this
is how you "correspond" with people who point out problems to you it's
no wonder that people prefer to release things to the public instead
of your "proper" channels.

2. MS agrees that the LM hash is a horrible implementation from a
security standpoint. They respond with: "well we didn't write the
protocol that was IBM".

3. When MS had the chance to do things a different way (ie Network
challenge/response obfuscation on NT boxes) they implemented it based
upon LM techniques to break up components (see #2).

4. The LM-hash fix works great if you don't have anything but NT machines
on your network. If you want to continue being "productive" with your
win95 machines it is my understanding that you "do it insecurely" or
you are S.O.L.

5. Few places are running "nothing but NT" (ie just about everyone
has 95 or WfW boxes if MS has already gotten their foot in the door).
(see #4)

6. MS can't swallow their pride enough to say "oops", even in
technical circles where they don't have to worry about the general public
mis-interpreting things.

7. For the LM hash you only have to break 7 characters, not 14!

8. MS keeps talking about the NT hash being so secure while refusing to
talk about how weak the LM hash is. Guess what, you probably won't be able
to use the "added security" of the NT hash on your network. Why keep
talking about something people can't use?

9. Even though the NT hash spec says you can have up to 128 char passwords,
I'd really like someone to show me how they can type more than 14 characters
into UserManager before it starts Beep-Beep'ing at them.

10. We demonstrate up front with proof of concept code in L0phtcrack v1.0,
and L0phtcrack v1.5 that the following is indeed the case.

For those that don't know, L0phtcrack v1.5 will attack the challenge
response done over the network. The reason we came out with this was that
the SYSKEY "fix" that MS came out with only managed to emasculate the
ADMINISTRATOR and not address the actual problem. Can we say "save
face"? I knew we could.

L0phtcrack v1.5 is available for FREE from http://www.L0pht.com (that's
a ZERO after the 'L', not an 'o'). It comes with source so you can build
it on just about any platform. It is proof-of-concept code and thus
could be sped up tremendously.

Now, let's rip apart why it is so trivial to go through the LM hash on the
network. And then talk about why the NT hash doesn't matter.

 --------------------------     -----------------------------
| 16byte LM hash           |   | 16byte NT hash (md4)        |
 --------------------------     -----------------------------

We already know that you only have to go through 7 characters to retrieve
passwords (up to 14 chars in length) in the LM hash, and that since there is
no salting being done, constants show up all over the place giving away
too much information and speeding up attacks tremendously.

 -------------------------------------------------
| 1st 8bytes of LMhash | second 8bytes of LMhash |
 -------------------------------------------------

1st 8 bytes are derived from the first seven characters of the password and
the second 8 bytes are derived from the 8th through 14th characters of
the password. If the password is less than 7 characters then the second
half will always be: 0xAAD3B435B51404EE.

Let's assume for this example that the user's password has an LM hash of
0xC23413A8A1E7665fAAD3B435B51404EE (which I'll save everyone the nanosecond
it would have taken for them to plug this into L0phtcrack and have it
tell them the password is "WELCOME").

Here's what happens to this hash on the network:

 --------                 --------
|   A    | <______________|   B    |
|        |                |        |
 --------                 --------

B sends an 8 byte challenge to A. (assume 0x0001020304050607)

Machine A takes the hash of 0xC23413A8A1E7665fAAD3B435B51404EE
and adds 5 nulls to it, thus becoming
0xC23413A8A1E7665fAAD3B435B51404EE0000000000.

The string 0xC23413A8A1E7665fAAD3B435B51404EE0000000000 is broken into
three groups of 7:

C23413A8A1E766 5fAAD3B435B514 04EE0000000000

The 7 byte strings are str_to_key'd (if you will) into 8 byte odd parity
des keys.

Now we have:

| 8byteDeskey1 | | 8byteDeskey2 | | 8 byteDeskey3 |

8byteDeskey1 is used to encrypt the challenge 0x0001020304050607. Let's
assume the result is 0xAAAAAAAAAAAAAAAA.

8byteDeskey2 is used to encrypt the challenge 0x0001020304050607. Let's
assume the result is 0xBBBBBBBBBBBBBBBB.

8byteDeskey3 is used to encrypt the challenge 0x0001020304050607. Let's
assume the result is 0xCCCCCCCCCCCCCCCC.

The three 8byte values are concatenated (!dumb!), and the 24 byte response
of 0xAAAAAAAABBBBBBBBCCCCCCCC is returned to the server. The server does
the same thing to the hash on its end and compares the result to the
24 byte response. If they match, it was the correct original hash.

Why this is boneheaded:
----------------------

7 char or less passwords.

 ------------------  ------------------  ------------------
 | C23413A8A1E766 |  | 5fAAD3B435B514 |  | 04EE0000000000 |
 ------------------  ------------------  ------------------

The first thing we check is to see if the user's password is less than
8 characters in length. We do this by taking the 7 byte value of
0x04EE0000000000, turning it into an 8 byte odd parity DES key,
and encrypting it against the 8 byte challenge of 0x0001020304050607.
If we get the result of 0xCCCCCCCCCCCCCCCC then we are pretty sure
it's < 8 chars in length.

In order to be sure we can run through 0x??AAD3B435B514 (ie 256 possible
combinations) to see that 5f shows us the result is 0xBBBBBBBBBBBBBBBB,
proving that the password is less than 7 characters and also giving us
the last byte of the first half of the LM hash.

From this point, even assuming we're just joyriding and not worried about
optimizing the way this is done (believe me, there are much more
effective ways to do this that reduce the amount of time needed even
further... this whole thing is just showing that even a simplistic
attack works against this implementation), it's no different than
how a tool like L0phtcrack attacks the hashes in the registry.

8 char or greater passwords.

 ------------------  ------------------  ------------------
 | C23413A8A1E766 |  | AC435F2DD90417 |  | CCD60000000000 |
 ------------------  ------------------  ------------------

The first thing to check is whether the password is less than 8 characters
in length. Deriving the 8 byte odd parity des key from 0x04EE0000000000
and encrypting against 0x0001020304050607 does not, in this case, give
us 0xCCCCCCCCCCCCCCCC, so we know that the password is 8 characters or
greater.

It takes us, in a worst case scenario, 65535 checks to figure out that
the 2bytes that are used in the last third are 0xCCD6. Even approaching
this in a completely brain-dead fashion (hey, turn-about is fair play),
you can go through your 7 digit combinations of characters for the
first third the same way you would the LM hash from the registry. This
will yield not only the first third of the response, but also the
first byte of the second third. Keep in mind that you already have the
last two bytes that made up the third third.

You could approach the middle third in the same fashion.

(note: this whole method that MS is doing screams for a precompute
table lookup attack - which given the small enough potential values
is not impossible by any means)

Thus, the challenge response is completely brute-forcable for the LM-hash.

MS made the "oversight" of still sending the LM-hash response along with
the NT response even when SP3 was installed. Thus it was a moot point
as to how tough or well done the NT hash might or might not be.

Since installing the LM-fix precludes continued use of windows 95 machines
in regards to talking to NT machines, it is still a moot point as to
how tough or well done the NT hash might or might not be.

The LM hash is incredibly weak and your more secure NT hash is brought
down to the lowest common denominator.

It would have been nice if you could type a password greater than 14chars
into the UserManager app.

.mudge

--------------------
http://www.l0pht.com/advisories.html - for more security related articles
 published by the L0pht
--------------------

 COMMERCIAL AND GOVERNMENT USERS PLEASE SEE THE END
 OF THIS FILE FOR LICENSING INFORMATION. FOR YOU THIS
 PROGRAM IS SHAREWARE, FOR ALL OTHERS IT IS FREE.

 L0phtCrack 1.5
 Released 7/12/97
 Available at http://www.l0pht.com/advisories.html
 [email protected]
 [email protected]

OVERVIEW

L0phtCrack 1.5 is a tool for turning Microsoft LANMAN and NT password
hashes back into the original clear text passwords. The program
does this using dictionary cracking and also brute force. L0phtCrack
1.5 returns not just the LANMAN password but the NT password up to 14
characters in length. L0phtcrack will read pwdump style output or take
network sniffer logs. The program is distributed as both a GUI and
in CLI form.

Version 1.0 of L0phtCrack was deficient because the graphical version
of the program did not support the brute force method that was in the
Command Line version which accompanied it. This has been fixed for version
1.5. The brute force efficiency has been improved and an option to select
the character set that makes up the password has been added.

The default behavior of the GUI is to do a dictionary attack on the
password file and then brute force the remaining uncracked passwords.
Sample password files are named pwfile.txt, pwfile2.txt, pwfile3.txt
and pwfile4.txt. A 28000 word dictionary file is included named
wfile.txt. You can dump passwords directly from L0phtCrack if you have
administrator rights.

L0phtCrack 1.5 includes the ability to dictionary attack or brute force
the network NT server challenge that is used to prevent the OWF from
going across the wire in its plaintext format. Sample network sniffed
challenges are in files sniff.txt and sniff2.txt. This means you
can get NT passwords without administrator privileges if you have network
access between the client and the server.

With only trivial modifications you can break the SMB signing options
and play man in the middle attacks. These 'signatures' are derived
in almost identical fashion as the challenge response is.

You can build the sniff files by hand using your favorite network analyzer
or wait for our tool which sniffs the network and builds these files.
The sniffing tool will be made available shortly.

Also to be made available shortly is a commercial multiprocessor
version, L0phtCrack/SMP 1.5 for NT and Solaris. Contact [email protected]
for more information.

FILES IN THE EXECUTABLE DISTRIBUTION - LC15EXE.ZIP

lc_cli.exe is the command line version of the program. Run this if you
think little status counters are sucking up all your performance or do not
need your hand held by point-and-click tools. Source
code for this program that will build on Win95/NT or Unix is included in the
source code distribution: lc15src.zip or lc15src.tar.gz

lc_gui.exe is the NT graphical version of L0phtCrack.

lc_guipro.exe is the NT graphical version of L0phtCrack that has been compiled
with Pentium Pro optimizations turned on.

lc_gui95.exe is the Win95 graphical version of L0phtCrack. This version does not
support password dumping due to Win95 limitations.

FILES IN THE SOURCE DISTRIBUTION - LC15SRC.ZIP or LC15SRC.TAR.GZ

This archive contains all the source to build the command line version of
L0phtCrack 1.5.

PERFORMANCE

Dictionary cracking is extremely fast. L0phtCrack running on a Pentium Pro
200 checked a password file with 100 passwords against an 8 Megabyte dictionary
file in under one minute.

Brute forcing is always an extremely CPU intensive operation. We have worked
to optimize this in L0phtCrack 1.5. L0phtCrack running on a Pentium Pro
200 checked a password file with 10 passwords using the alpha character set
(A-Z) in 26 hours. The graphical version of L0phtCrack 1.5 features a
percentage done counter and a time remaining estimate so you can gauge when
the task will be complete. [note from mudge: try building the CLI version
on an ultrasparc using the compile flags in the Makefile provided - this
will make these figures look sloooooowwww ;-)]

The l0phtcrack1.5 GUI allows you to select one of 5 character sets to brute
force passwords that use more characters than A-Z. As the character sets
increase in size from 26 characters to 68 the time to brute force the password
increases exponentially. The CLI version allows you to specify a file
containing your keyspace string via the '-k' option. Please keep in mind
that you should only be using UPPERCASE characters as we will derive the
lower case ones later in the cracking. [examine the source code if this
is un-clear]

This chart illustrates the relative time for larger character sets.

Char                      Relative
Size   Iterations         Time
26     8353082582         1.00
36     80603140212        9.65
46     4.45502E+11        53.33
68     6.82333E+12        816.86

So if 26 characters takes 26 hours to complete, 36 characters (A-Z,0-9) would
take 250 hours or 10.5 days. Now of course this is the worst case scenario of
the password being 99999999999999. A password such as take2asp1r1n would
probably be computed in about 7 days. [mudge note: again, try this on
other architectures for better performance]

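Where the chart's iteration counts come from, as an added Go example (not L0phtCrack code): because each LM half covers at most 7 characters, the worst case for an alphabet of n symbols is the sum of n^i for i = 1..7, which reproduces the chart's Iterations column and its Relative Time ratios exactly. Function names are mine.

```go
package main

import "fmt"

// LMKeyspace returns the number of candidate strings of length 1..7 over an
// alphabet of n symbols, i.e. the sum of n^i for i = 1..7. LM hashes each
// 7-character half independently, so 7 is the longest string that ever has
// to be guessed, whatever the real password length.
func LMKeyspace(n uint64) uint64 {
	var total, pow uint64 = 0, 1
	for i := 0; i < 7; i++ {
		pow *= n
		total += pow
	}
	return total
}

// RelativeTime is the chart's last column: the keyspace relative to A-Z (26).
func RelativeTime(n uint64) float64 {
	return float64(LMKeyspace(n)) / float64(LMKeyspace(26))
}

func main() {
	// The four character-set sizes from the README's chart.
	fmt.Println("Size   Iterations       Relative")
	for _, n := range []uint64{26, 36, 46, 68} {
		fmt.Printf("%-6d %-16d %.2f\n", n, LMKeyspace(n), RelativeTime(n))
	}
}
```

Multiplying RelativeTime(36) by the README's 26-hour figure gives the 250 hours quoted above.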
NT Server Challenge Sniffing

Here is a description of the challenge that takes place over the network
when a client, such as a Windows NT workstation, connects to an NT Server.

 [assuming initial setup etc...]

                 8byte "random" challenge
 Client <---------------------- Server

 OWF1 = pad Lanman OWF with 5 nulls
 OWF2 = pad NT OWF with 5 nulls
 resp = E(OWF1, Chal) E(OWF2, Chal)

          48byte response (24byte lanman 24byte nt)
 Client -----------------------> Server

The client takes the OWF (all 16 bytes of it) and pads with 5 nulls.
From this point it des ecb encrypts the, now 21byte, OWF with the
8byte challenge. The resulting 24byte string is sent over to the
server who performs the same operations on the OWF stored in its
registry and compares the resulting two 24byte strings. If they
match the user used the correct passwd.

What's cool about this? Well, now you can take your sniffer logs
of NT logons and retrieve the plaintext passwords. This does not
require an account on the NT machine nor does it require previous
knowledge of the ADMINISTRATOR password.

The fact that these three responses are concatenated quickly gives
away the length of the password for the LM hash and the attack can
work backwards the same way the non-networked one does.

So even if you have installed Service Pack 3 and enabled SAM encryption
your passwords are still vulnerable if they go over the network.

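The LM response construction walked through in mudge's email above and again in this README section, as an added Go example that is not L0phtCrack code: it builds the LANMAN OWF (uppercase, pad to 14, DES of "KGS!@#$%" under each 7-byte half), the 24-byte response (hash plus 5 nulls, three 7-byte DES keys over the challenge), and the length-leak check the email describes, which an auditor can run over a captured challenge/response pair to flag accounts whose LM password is under 8 characters. The challenge value is the page's; the function names and the constructed test passwords are mine; only Go's standard crypto/des is used, and the NT (MD4) half is omitted since the standard library has no MD4.

```go
package main

import (
	"bytes"
	"crypto/des"
	"encoding/hex"
	"fmt"
	"strings"
)

// EmptyLMHalfHex is the page's constant: the LM hash half of an empty
// 7-character block (DES of "KGS!@#$%" under an all-zero key).
const EmptyLMHalfHex = "aad3b435b51404ee"

// strToKey spreads 7 bytes over the 8 bytes of a DES key, 7 data bits per
// byte; the low bit of each byte is the parity bit, which DES ignores.
func strToKey(s []byte) []byte {
	k := []byte{
		s[0] >> 1,
		((s[0] & 0x01) << 6) | (s[1] >> 2),
		((s[1] & 0x03) << 5) | (s[2] >> 3),
		((s[2] & 0x07) << 4) | (s[3] >> 4),
		((s[3] & 0x0F) << 3) | (s[4] >> 5),
		((s[4] & 0x1F) << 2) | (s[5] >> 6),
		((s[5] & 0x3F) << 1) | (s[6] >> 7),
		s[6] & 0x7F,
	}
	for i := range k {
		k[i] <<= 1
	}
	return k
}

// desEncrypt7 turns a 7-byte chunk into a DES key and encrypts one 8-byte block.
func desEncrypt7(key7, block []byte) []byte {
	c, err := des.NewCipher(strToKey(key7))
	if err != nil {
		panic(err) // only possible on a wrong key length
	}
	out := make([]byte, des.BlockSize)
	c.Encrypt(out, block)
	return out
}

// LMHash computes the 16-byte LANMAN OWF. There is no salt and the two
// halves are independent, so any password under 8 characters has
// EmptyLMHalfHex as its second half.
func LMHash(password string) []byte {
	padded := make([]byte, 14)
	copy(padded, strings.ToUpper(password)) // copy truncates at 14 bytes
	magic := []byte("KGS!@#$%")
	h := append([]byte{}, desEncrypt7(padded[:7], magic)...)
	return append(h, desEncrypt7(padded[7:], magic)...)
}

// LMResponse is the 24-byte network response: the 16-byte hash padded with
// 5 nulls, split into three 7-byte DES keys, each encrypting the challenge.
func LMResponse(hash, challenge []byte) []byte {
	padded := make([]byte, 21)
	copy(padded, hash)
	resp := make([]byte, 0, 24)
	for i := 0; i < 21; i += 7 {
		resp = append(resp, desEncrypt7(padded[i:i+7], challenge)...)
	}
	return resp
}

// ShortPasswordLeak is the audit check from the email: the last third of the
// response is keyed by only two hash bytes plus five nulls, and for every
// password under 8 characters those two bytes are 0x04EE (the tail of
// EmptyLMHalfHex). Matching that one block against a captured response is
// enough to flag a short LM password.
func ShortPasswordLeak(challenge, response []byte) bool {
	empty, _ := hex.DecodeString(EmptyLMHalfHex)
	tail := append([]byte{}, empty[6:8]...)  // 04EE
	tail = append(tail, make([]byte, 5)...) // + 5 nulls
	return bytes.Equal(desEncrypt7(tail, challenge), response[16:24])
}

func main() {
	chal, _ := hex.DecodeString("0001020304050607") // the page's example challenge
	// Constructed passwords: the page's "WELCOME" and an 8-character variant.
	for _, pw := range []string{"WELCOME", "WELCOME1"} {
		h := LMHash(pw)
		r := LMResponse(h, chal)
		fmt.Printf("%-9s LM=%X response=%X short=%v\n", pw, h, r, ShortPasswordLeak(chal, r))
	}
}
```

The program prints the LM hash of "WELCOME" so it can be compared with the value quoted in the email.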
Special thanks go out to:

- [email protected] for all the cool ideas and bare feet. Especially
 for his monster paper on CIFS problems.
- Jeremy Allison [email protected] - for the fantastic sleuthing with
 PWDump.
- [email protected] for some nice little code tips and general coolness.
- the people who did SAMBA for being nuts!
- the people who did libdes for being nuts!
- Yobie for always fighting giants.

If anyone makes modifications / improvements please mail the diffs to
[email protected].

We hope this tool is useful,

[email protected] , [email protected]

LICENSING INFORMATION LICENSING INFORMATION LICENSING INFORMATION
LICENSING INFORMATION LICENSING INFORMATION LICENSING INFORMATION

LHI TECHNOLOGIES, LLC SOFTWARE LICENSE AGREEMENT

THIS IS A LEGAL AGREEMENT BETWEEN YOU AND LHI TECHNOLOGIES, LLC ("LHI").
CAREFULLY READ ALL THE TERMS AND CONDITIONS OF THIS AGREEMENT PRIOR TO USING
THE SOFTWARE. BY USING THE SOFTWARE YOU CONSENT TO BE BOUND BY THE TERMS OF
THIS AGREEMENT. IF YOU DO NOT AGREE TO ALL THE TERMS OF THIS AGREEMENT, DO
NOT USE THE SOFTWARE.

***************************************************************************
IF YOU ARE A COMMERCIAL OR GOVERNMENTAL ENTITY THE GRAPHICAL EXECUTABLE
VERSIONS OF THIS SOFTWARE, ("L0PHTCRACK 1.5") ARE NOT FREE OF CHARGE. IF
YOU USE THE SOFTWARE BEYOND THE EVALUATION PERIOD OF 7 DAYS YOU MUST MAKE A
PAYMENT OF $50 TO LHI. PAYMENT MUST BE SENT TO: LHI, PO BOX 990857, BOSTON,
MA 02199.
****************************************************************************

THE GRAPHICAL EXECUTABLE VERSIONS ARE THE FILES NAMED: lc_gui.exe,
lc_guipro.exe and lc_gui95.exe CONTAINED IN THE ARCHIVE FILE lc15exe.zip

IF YOU ARE NEITHER A COMMERCIAL NOR GOVERNMENTAL ENTITY YOU MAY USE THIS
SOFTWARE FREE OF CHARGE.

1.TITLE AND OWNERSHIP. The Software is owned by LHI.
The Software is protected by United States and international copyright and
other laws. You may not remove, obscure, or alter any notice of
patent, copyright, trademark, trade secret, or other proprietary rights.
You may not reverse engineer, disassemble or de-compile the
Software nor may you permit anyone else to do so.
This license and your right to use the Software terminate automatically
if you violate any part of this Agreement.

3.DISCLAIMER OF WARRANTY AND LIMITATION OF LIABILITY.
THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY
OF ANY KIND, WHETHER EXPRESS OR IMPLIED. WITHOUT
LIMITATION, LHI DISCLAIMS ALL IMPLIED
WARRANTIES WITH RESPECT TO THE SOFTWARE, ITS
MERCHANTABILITY AND FITNESS FOR ANY PARTICULAR
PURPOSE. YOU ASSUME ALL RISK IN USING THE SOFTWARE.
IN NO EVENT WILL LHI BE LIABLE FOR INDIRECT,
INCIDENTAL OR CONSEQUENTIAL DAMAGES, INCLUDING,
WITHOUT LIMITATION, LOSS OF INCOME, LOSS OF USE, OR
LOSS OF INFORMATION. IN NO EVENT WILL LHI BE
LIABLE FOR ANY DAMAGES, EVEN IF LHI SHALL HAVE
BEEN INFORMED OF THE POSSIBILITY OF SUCH DAMAGES
OR FOR ANY CLAIM BY ANY OTHER PARTY. CERTAIN STATES
DO NOT PERMIT EXCLUSIONS OF IMPLIED WARRANTIES OR
LIMITATIONS OF LIABILITY, SO THIS DISCLAIMER MAY NOT
APPLY TO YOU OR MAY APPLY TO YOU ONLY IN PART. YOU
MAY HAVE OTHER LEGAL RIGHTS WHICH VARY FROM STATE
TO STATE.

4.EXPORT COMPLIANCE. You may not export or reexport the
Software except in full compliance with all United States and other
applicable laws and regulations, including laws and regulations
pertaining to the export of computer software.

5.GENERAL. This Agreement constitutes the entire agreement between
you and LHI and supersedes any prior written or oral agreement
concerning the Software. It shall not be modified except by written
agreement dated subsequent to the date of this Agreement and signed
by an authorized LHI representative. LHI is not bound by any
provision of any purchase order, receipt, acceptance, confirmation,
correspondence, or otherwise, unless LHI specifically agrees to
the provision in writing. This Agreement is governed by the laws of
the State of Massachusetts as if the parties hereto were both Massachusetts
residents; and you consent to exclusive jurisdiction in the state and
federal courts in Boston in the event of any dispute.

6.U.S. GOVERNMENT RESTRICTED RIGHTS. The Software is
provided with RESTRICTED RIGHTS. Use, duplication, or disclosure
by the Government is subject to restrictions as set forth in
subparagraph (c)(1)(ii) of the Rights in Technical Data and Computer
Software clause at DFARS 252.227-7013 or subparagraphs (c)(1) and
(2) of the Commercial Computer Software Restricted Rights at 48
CFR 52.227-19, as applicable. Contractor/manufacturer is LHI
Technologies, LLC, PO Box 990857, Boston, MA 02199.