Re: Windows XP / 2K3 Default Users

From: Thor (Hammer of God) (thor@hammerofgod.com)
Date: Mon Oct 30 2006 - 15:39:36 EST


You "routinely" crack passwords on SAM's that are SYSKEY'd by default
(128-bit) with rainbow tables? XP/2k3 has syskey on by default... And any
password over 14 characters automatically clear the LM hash, even if you
have not turned it off (which I can't imagine anyone not doing.)

So, I'm guessing that the "rainbow table" hubbub is all 40-bit, or silly LM
hash cracking, right? Or am I missing something here?

t

On 10/26/06 2:07 PM, "ep" <captgoodnight@hotmail.com> spoketh to all:

> I crack these routinely when pentesting/playing, granted, it's by pushing
> the sam through rainbow tables, thus admin access...
> Basically, any sam once in hand, is cracked these days via rainbowtables.
> There're ways to prevent this from happening, but most admins don't go that
> extra step...
>
> --cg
>
> -----Original Message-----
> From: listbounce@securityfocus.com [mailto:listbounce@securityfocus.com] On
> Behalf Of Joey Peloquin
> Sent: Wednesday, October 25, 2006 12:38 PM
> To: s-williams@nyc.rr.com; Pen-Testing
> Subject: Re: Windows XP / 2K3 Default Users
>
> s-williams@nyc.rr.com wrote:
>> Hello list this might be an easy question to answer but have anyone
>> been sucessful in using windows built in default accounts when doing a
>> password audit. I
> know most
>> xp machines has (help assitant and support_xxxxxxxx). Is their a
>> default
> list out
>> there some where with various vendor OS passwords, or a way to figure
>> out the password for these accounts.
>> Sent via BlackBerry from T-Mobile
>
> You can try to crack them through normal means, but it'd likely be a futile
> act since a) they are randomized and *extremely* complex (as far as I
> recall) and b) even my ~13 year old knows to restrict these accounts. There
> are clueless admins out there though, so, *shrug*.
>
> -jp
>
>
>
> ------------------------------------------------------------------------
> This List Sponsored by: Cenzic
>
> Need to secure your web apps?
> Cenzic Hailstorm finds vulnerabilities fast.
> Click the link to buy it, try it or download Hailstorm for FREE.
> http://www.cenzic.com/products_services/download_hailstorm.php?camp=70160000
> 0008bOW
> ------------------------------------------------------------------------
>
>
>
> ------------------------------------------------------------------------
> This List Sponsored by: Cenzic
>
> Need to secure your web apps?
> Cenzic Hailstorm finds vulnerabilities fast.
> Click the link to buy it, try it or download Hailstorm for FREE.
> http://www.cenzic.com/products_services/download_hailstorm.php?camp=7016000000
> 08bOW
> ------------------------------------------------------------------------
>
>
>

------------------------------------------------------------------------
This List Sponsored by: Cenzic

Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.
http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW
------------------------------------------------------------------------



This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:57:15 EDT