In association with heise online

12 October 2006, 15:17

Daniel Bachfeld

Brute Force

Attacks on passwords in Windows networks

Windows passwords are stored on computers and transmitted across networks with encryption. Nevertheless, there are methods and tools to enable access to these passwords as plain text. You can only protect yourself well if you are familiar with these tricks.

To prevent unauthorized access to Windows PCs, authentication can be required up front. Most users know this as the Windows log-in after pressing CTRL-ALT-DEL. Only users with an account can log in locally with their name and password. If the computer is part of a Windows network, users generally log on to the domain controller instead. The log-in dialog is the same; the only difference is that a domain name is chosen instead of a computer name. The domain controller manages user accounts and their access rights to network resources within the domain. Authenticated users receive an access token that authorizes them towards other systems. To protect log-in data from being eavesdropped on the local PC or on the network during transmission, Windows encrypts the data it transmits. Special programs, however, can crack the encryption used for this log-in data.

Divide and conquer

LanManager (LM) provided the first implementation of the domain concept. DOS, Windows, and OS/2 clients can access Unix and OS/2 servers within a domain. Authentication is based on a challenge/response method: the password itself is never sent across the network, neither encrypted nor in clear text. Instead, the client sends an encrypted response to a challenge issued by the server.

Windows always stores passwords on clients and servers in encrypted form. To do so, it converts the password into a 14-byte string by truncating longer passwords and padding shorter ones with zeros; it also converts all lower-case letters to capitals. It then reverses all bytes and splits the string into two 7-byte halves. Windows uses these as two 56-bit DES keys (7x8) to encrypt an 8-byte string ("KGS!@#$%") that is the same on every Windows PC. Concatenating the two encrypted 8-byte strings yields the 16-byte hash that is stored on the client and the server as the LanManager hash.

[Image: Windows generates the LM hash with two 56-bit DES keys.]

The drawbacks of this method are obvious: the password cannot be longer than 14 characters and effectively consists of capital letters only; in addition, two 56-bit keys are used instead of a single 112-bit key (14x8). Two short keys can be brute-forced far faster than one long one. Worse, if the password has no more than seven bytes, the second key consists entirely of zeros. And because no random component (salt) enters into the LM hash, the same password always produces the same hash. An attacker therefore need only precompute gigantic tables of hashes to crack passwords later. The Advanced Instant NT Password Cracker [8] does just that: with 2 GB of tables, it cracks 99 percent of all passwords in less than 1 minute.
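The following Go program is an added example, not code from the article or from any of the tools it mentions. It computes the LanManager hash exactly as the two paragraphs above describe it (uppercase, cut or zero-pad to 14 bytes, two 7-byte halves, each used as a DES key on the constant "KGS!@#$%") using Go's standard-library DES, and it checks the result against the well-known hash of the password "password". The 7-byte halves are spread into the 8-byte key format DES expects by inserting an unused parity bit after every seven bits, which is how the LM implementations in common tools perform the expansion. Only ASCII passwords are assumed; Windows applies an OEM code page for other characters. The function `secondHalfIsEmpty` makes the weakness in the text concrete: for any password of at most seven characters the upper eight bytes of the hash are the fixed value AAD3B435B51404EE, so a defender scanning a hash dump can tell at a glance which accounts have short passwords.

```go
package main

import (
	"crypto/des"
	"encoding/hex"
	"fmt"
	"strings"
)

// lmMagic is the fixed 8-byte plaintext that every Windows system
// encrypts with the two password-derived DES keys.
var lmMagic = []byte("KGS!@#$%")

// expandKey spreads a 7-byte (56-bit) half of the password into the
// 8-byte key format DES expects: each group of 7 bits is followed by
// one parity bit, which DES ignores, so no key material is added.
func expandKey(half []byte) []byte {
	var acc uint64
	for _, b := range half {
		acc = acc<<8 | uint64(b)
	}
	key := make([]byte, 8)
	for i := 0; i < 8; i++ {
		shift := uint(56 - 7*(i+1))
		key[i] = byte((acc>>shift)&0x7f) << 1
	}
	return key
}

// lmHash computes the 16-byte LanManager hash of an ASCII password
// (assumption: non-ASCII characters are not handled as Windows would).
func lmHash(password string) ([]byte, error) {
	pw := []byte(strings.ToUpper(password)) // LM is case-insensitive
	if len(pw) > 14 {
		pw = pw[:14] // longer passwords are silently truncated
	}
	padded := make([]byte, 14) // shorter passwords are zero-padded
	copy(padded, pw)

	out := make([]byte, 0, 16)
	for _, half := range [][]byte{padded[:7], padded[7:]} {
		block, err := des.NewCipher(expandKey(half))
		if err != nil {
			return nil, err
		}
		ct := make([]byte, 8)
		block.Encrypt(ct, lmMagic) // one DES block per half, no salt
		out = append(out, ct...)
	}
	return out, nil
}

// lmHashHex returns the hash as the upper-case hex string that
// password-auditing tools usually print.
func lmHashHex(password string) string {
	h, err := lmHash(password)
	if err != nil {
		panic(err)
	}
	return strings.ToUpper(hex.EncodeToString(h))
}

// secondHalfIsEmpty reports whether the upper 8 bytes of the hash are
// DES("KGS!@#$%") under an all-zero key, which happens exactly when the
// password was at most 7 characters long.
func secondHalfIsEmpty(hexHash string) bool {
	return strings.HasSuffix(hexHash, "AAD3B435B51404EE")
}

func main() {
	// Constructed sample passwords for the demonstration.
	for _, pw := range []string{"", "abc", "password", "PASSWORD", "Passw0rd!2006xyz"} {
		h := lmHashHex(pw)
		fmt.Printf("%-20q %s  short_password=%v\n", pw, h, secondHalfIsEmpty(h))
	}
}
```

Running it shows that "password" and "PASSWORD" yield the same hash, that the 16-character password hashes identically to its first 14 characters, and that the empty and 3-character passwords share the telltale AAD3B435B51404EE suffix. Auditing a hash dump for that suffix is a quick check for accounts whose passwords fall within the fastest brute-force range.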
