Home page logo
/

basics logo Security Basics mailing list archives

RE: ADS Password Storage Protection
From: "Roger A. Grimes" <roger () banneretcs com>
Date: Fri, 21 Jul 2006 16:52:02 -0400

I havent' seen a modified SMB client work on XP Pro and above since SMB
signing was enabled. People keep telling me it's possible, but when I
say show me, it doesn't work. 

-----Original Message-----
From: Christian.Assfalg () bc boehringer-ingelheim com
[mailto:Christian.Assfalg () bc boehringer-ingelheim com] 
Sent: Thursday, July 20, 2006 2:25 AM
To: Roger A. Grimes; security-basics () securityfocus com
Subject: AW: ADS Password Storage Protection

However, all this discussion is based on the assumption that a cracker
actually HAS the hash, and actually needs the clear-text password. As
mentioned several times, you can aparently perfectly authenticate with
the hash only by using a modified smb client. So why cracking the
password at all?

---------------------------------------------------------------------------
This list is sponsored by: Norwich University

EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The NSA has designated Norwich University a center of Academic Excellence
in Information Security. Our program offers unparalleled Infosec management
education and the case study affords you unmatched consulting experience.
Using interactive e-Learning technology, you can earn this esteemed degree,
without disrupting your career or home life.

http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]