Sunday, June 29, 2008

Cracking Windows Password

On Windows the password you type is never stored as-is: it is hashed, and the hashes are kept in the SAM hive at c:\windows\system32\config\sam

SAM is the abbreviation of Security Accounts Manager... (Don't try to open the file from inside a running Windows: the kernel keeps the hive locked, so it won't let you :P )

But people circumvent the operating system (booting the machine from a Linux boot disk, so nothing holds the lock) and copy this SAM..

Also don't forget to copy the file named "system" from the same folder, because that hive contains the boot key, better known as the "syskey"

The syskey is used to encrypt the password hashes inside the SAM, so a copied SAM is useless without the matching SYSTEM hive.....



Windows XP uses two types of hashes: LM hashes and NTLM hashes. LM stands for LAN Manager, and NTLM is far more secure than LM. However, even computers that use NTLM (i.e. Windows 2000 and above) also store an LM hash of the password by default. So the password is stored twice, as an NTLM hash and as an LM hash. This is because very often we still need to connect to machines that only understand LM, i.e. Windows 98 and earlier.

LM hashing method:

Let me explain it with an example; take the password as 123456abcde

Initially the password is converted to all upper case letters: 123456ABCDE

Then the password is padded with NUL (0x00) bytes in order to make it 14 characters long.

Now the 14 character long password is split in half: 123456A and BCDE followed by three NUL bytes.

Each half is used as a 56-bit DES key to encrypt the fixed string KGS!@#$%, and the two 8-byte results are concatenated:

DES(123456A) encrypting KGS!@#$% = first 8 bytes (16 hex digits)
DES(BCDE + three NULs) encrypting KGS!@#$% = second 8 bytes (16 hex digits)
The hash is the 16-byte concatenation, written as 32 hex digits.

There is no salt, so the same password gives the same LM hash on every machine, and a half made entirely of NUL bytes (which is the second half of every password of 7 characters or fewer) always comes out as AAD3B435B51404EE.

Problems with LM hash:

If the password is longer than 14 characters, Windows cannot form an LM hash at all, so only the NTLM hash is stored (dump tools then show the empty-password hash AAD3B435B51404EEAAD3B435B51404EE in the LM field).
Can be cracked easily: upper-casing throws away case, each 7-character half can be attacked on its own, and the lack of a salt means hashes can be precomputed once and reused against every machine.

Password cracking methods:

Dictionary attack
Brute force
Time-memory trade-off (rainbow tables)
Rainbow tables:

With rainbow tables the hashes of an enormous set of candidate passwords are pre-computed once and stored on disk in compressed chain form.

These rainbow tables are then searched for a particular hash, and the password can be cracked within minutes instead of the days a fresh brute force would take. This only works because LM has no salt.

In LM hash generation the password is split into two halves and each is encrypted independently (see LM hashing method).

This design fault leads to the creation of Half LM rainbow tables, which only have to cover every possible 7-character half instead of every 14-character password, and are used to crack one half of the password at a time. Thus it reduces the time taken for the attack enormously; and since the second half of any password of 7 characters or fewer is the constant AAD3B435B51404EE, the length of the password is given away for free...
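The LM hashing method above and the half-by-half attack it invites, as an added Go example that is not part of the original post: it computes LM hashes with the standard library's DES, then recovers each 7-byte half on its own by brute force over a tiny character set. The constant KGS!@#$% and the 7-bit-to-8-byte key expansion are the published LM algorithm; the function names, the sample passwords and the toy charset "1APS" are this example's own choices, and the empty-password half AAD3B435B51404EE plus the LM hash of "password" are the well-known test vectors.

```go
package main

import (
	"bytes"
	"crypto/des"
	"encoding/hex"
	"fmt"
	"strings"
)

// lmMagic is the fixed plaintext every LM half encrypts (part of the published LM algorithm).
var lmMagic = []byte("KGS!@#$%")

// EmptyLMHalf is DES(lmMagic) under an all-NUL half: the second half of every password of
// seven characters or fewer, and what dump tools show when no LM hash is stored at all.
const EmptyLMHalf = "AAD3B435B51404EE"

// lmHalves upper-cases (ASCII only; Windows uses the OEM code page), NUL-pads to 14 and splits.
func lmHalves(password string) (a, b [7]byte) {
	var buf [14]byte
	copy(buf[:], strings.ToUpper(password))
	copy(a[:], buf[:7])
	copy(b[:], buf[7:])
	return a, b
}

// desKey spreads the 56 bits of a half over 8 bytes, 7 bits each; the low bit is DES's ignored parity bit.
func desKey(half [7]byte) []byte {
	var bits uint64
	for _, b := range half {
		bits = bits<<8 | uint64(b)
	}
	k := make([]byte, 8)
	for i := range k {
		k[i] = byte(bits>>(49-7*i)&0x7F) << 1
	}
	return k
}

// lmHalf is the LM building block: the 7-byte half is the DES key, lmMagic is the plaintext.
func lmHalf(half [7]byte) []byte {
	block, err := des.NewCipher(desKey(half))
	if err != nil {
		panic(err) // cannot happen: desKey always yields the 8 bytes DES wants
	}
	out := make([]byte, 8)
	block.Encrypt(out, lmMagic)
	return out
}

// LMHashBytes returns the 16-byte LM hash; for more than 14 characters Windows stores none, which dump tools show as the empty-password hash.
func LMHashBytes(password string) []byte {
	if len(password) > 14 {
		password = ""
	}
	a, b := lmHalves(password)
	return append(lmHalf(a), lmHalf(b)...)
}

// LMHash returns the hash as 32 upper-case hex digits, the way pwdump-style tools print it.
func LMHash(password string) string {
	return strings.ToUpper(hex.EncodeToString(LMHashBytes(password)))
}

// CrackHalf brute-forces one 8-byte half over an upper-case charset at lengths 0..maxLen: worst case |charset|^7, never |charset|^14.
func CrackHalf(target []byte, charset string, maxLen int) (string, bool) {
	if maxLen > 7 {
		maxLen = 7
	}
	for n := 0; n <= maxLen; n++ {
		idx := make([]int, n) // odometer of charset positions for an n-character candidate
		for {
			var half [7]byte
			for i, c := range idx {
				half[i] = charset[c]
			}
			if bytes.Equal(lmHalf(half), target) {
				return string(half[:n]), true
			}
			p := n - 1
			for p >= 0 && idx[p] == len(charset)-1 {
				idx[p] = 0
				p--
			}
			if p < 0 {
				break // every n-character candidate has been tried
			}
			idx[p]++
		}
	}
	return "", false
}

func main() {
	h := LMHashBytes("pass1") // constructed sample; attack each half on its own
	first, _ := CrackHalf(h[:8], "1APS", 5)
	second, _ := CrackHalf(h[8:], "1APS", 5)
	fmt.Printf("LM(%q)=%s -> halves %q + %q (empty second half: <= 7 chars)\n", "pass1", LMHash("pass1"), first, second)
}
```

Run it with `go run` and compare LMHash("password") with the E52CAC67419A9A224A3B108F3FA6CB6D that pwdump output shows for that password. The point of CrackHalf is not speed but independence: the search for the second half finishes on its very first candidate (the empty half), and a real attacker would simply look up each half in a precomputed table instead of looping.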

Prevention:

Disabling the LM hashes (in Windows Vista LM hashes are disabled by default; on earlier versions set the NoLMHash DWORD under HKLM\SYSTEM\CurrentControlSet\Control\Lsa to 1, or the policy "Network security: Do not store LAN Manager hash value on next password change". Existing LM hashes are only purged when each user next changes their password) (see links section for more details on LM hash disabling methods)
Using passwords that have more than 14 characters, since Windows then cannot store an LM hash at all.
Don't use dictionary words.
Change passwords frequently.
There is nothing in this world that cannot be breached, all we can do is make it harder to the attacker.

To get password crackers, leave your mail id in a comment. I will mail them to you.
Disclaimer: All the content is for the sake of knowledge; I am not responsible if you misuse it or if it causes any harm to you.
