LM Hash flaw: Windows Passwords Under 15 Characters Easy to Crack

Solid State Drive (SSD)-based cracking programs have been a hot topic over the past few years. They are fast, very fast. I did an article a while back on using SSD-based lookup tables to crack 14-character Windows passwords in 5 seconds.

The blazing speed is possible because of the characteristics of the LM-based password hashes that Windows stores along with the stronger NTLM-based hashes. The LM-based hashes can be cracked with SSD-based tables in about 5 seconds. The NTLM version of the password hash is more secure and can take significant time to crack. The solution, then, is simple: disable LM password hashing.

Sounds simple, doesn’t it? Well, the problem is, it doesn’t work. Even when you tell Windows not to store the less secure LM hash of the password, it still does.

Mike Pilkington posted an exceptional article today on this at the SANS Computer Forensics Blog. In his article, “Protecting Privileged Domain Accounts: LM Hashes — The Good, the Bad, and the Ugly”, Mike shows that even when Windows policy is set to disable LM hashes, the hashes are still created!

The interesting thing is that the lower security hashes are not present on the SAM stored on the hard drive. But when the security accounts are loaded into active RAM, Windows re-creates the LM hashes!

According to Mike’s article, the LM Hash can be pulled from active RAM using the Windows Credential Editor (WCE).

What is the solution then? Make your passwords at least 15 characters! The LM hash only supports passwords of 14 characters or fewer, so if your password is over 14 characters, Windows cannot create the less secure hash.

Why would Windows do this? Some older programs still use LM-based security, so Windows most likely creates the hash for backwards compatibility even when you tell it not to.

For more information, check out Mike’s article.
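As an added example (not from this post or from Mike’s article), here is a small Python audit that reads pwdump-style lines and reports which accounts still carry an LM hash. The `user:rid:LM:NT:::` input format, the function names and the sample hash values are assumptions made for illustration; the only real constant is the well-known LM value for an empty 7-character half, `aad3b435b51404ee`.

```python
# Added example: audit pwdump-style lines (user:rid:LM:NT:::) for LM hashes.
EMPTY_LM_HALF = "aad3b435b51404ee"  # LM output for an empty 7-character half
EMPTY_LM = EMPTY_LM_HALF * 2        # value shown when no LM hash is stored
HEX = set("0123456789abcdef")

def classify_lm(lm_field):
    """Return 'no_lm', 'lm_7_or_fewer' or 'lm_8_to_14' for one LM field."""
    lm = lm_field.strip().lower()
    # Some dump tools print a "NO PASSWORD***..." marker instead of hex.
    if lm in ("", EMPTY_LM) or lm.startswith("no password"):
        return "no_lm"
    if len(lm) != 32 or not set(lm) <= HEX:
        raise ValueError("not a 32-hex-digit LM field: %r" % lm_field)
    # LM hashes each 7-character half on its own, so an empty second half
    # means the password has 7 characters or fewer.
    if lm[16:] == EMPTY_LM_HALF:
        return "lm_7_or_fewer"
    return "lm_8_to_14"

def audit(lines):
    """Map account name -> LM status for every user:rid:lm:nt line."""
    report = {}
    for line in lines:
        fields = line.strip().split(":")
        if len(fields) < 4 or line.lstrip().startswith("#"):
            continue  # skip comments, blanks and malformed lines
        report[fields[0]] = classify_lm(fields[2])
    return report

# Constructed sample input: the non-empty hash values are made-up hex.
SAMPLE = """\
# user:rid:lm:nt:::
alice:1001:0123456789abcdeffedcba9876543210:00112233445566778899aabbccddeeff:::
bob:1002:1122334455667788aad3b435b51404ee:00112233445566778899aabbccddeeff:::
carol:1003:aad3b435b51404eeaad3b435b51404ee:00112233445566778899aabbccddeeff:::
dave:1004:NO PASSWORD*********************:00112233445566778899aabbccddeeff:::
"""

if __name__ == "__main__":
    for user, status in audit(SAMPLE.splitlines()).items():
        print("%-6s %s" % (user, status))
```

Per the post, an account whose password is 15 characters or longer should always report `no_lm`, since Windows cannot build an LM hash for it.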

Navy Railgun Full Energy Firing Tests

Take a gander at what the Navy’s futuristic electromagnetic railgun will probably look like. This month the Navy starts full energy tests of the railgun prototype that will most likely be the main weapon used on Navy ships of the future.

The gun will fire a 40 pound projectile 100 to 200 nautical miles at a speed of up to 5,000 miles per hour. That will be a vast improvement over the Navy’s most advanced gun in service today, which has a range of 13 nautical miles.

Hakin9: Computer Security Testing with the Social Engineering Toolkit

The February issue of the Hakin9 Exploiting Software magazine is out!

Included in this issue is an article I wrote on the Social Engineering Toolkit (SET):

Using the Social Engineering Toolkit to Test Network Security

Hackers using Social Engineering attacks are getting much better at their craft, and people are making it very easy for them. A Social Engineer will use information gathered about a person, place or business in specially crafted attacks that play on people’s thoughts, beliefs or emotions.

Social engineers are hackers who focus on using personal information mixed with human reactions, emotions or fear to trick you into opening an infected file or visiting a malicious website. Social engineering attacks are one of the top techniques used against networks today.

Why spend days, weeks or even months trying to penetrate layers of network security when you can just trick a user into running a file that allows you full access to their machine and bypasses most anti-viruses, firewalls and many intrusion detection systems?

Daniel will explain some of the techniques used by attackers and he will show you how they could get full control of your computer and most importantly, how to stop them.

Also in this issue:

  • Beyond Automated Tools and Frameworks: the shellcode injection process
  • Tabnapping Attack: Hijacking Browser Tabs
  • The Power Of Exploitation Tools
  • Hardening of Java Applications against AOP exploits
  • Enterprise Vulnerability Management

I really enjoyed Craig Wright’s article, “Beyond Automated Tools and Frameworks: the shellcode injection process”. This is a series of articles that delves into creating your own shellcodes and exploits.

Hakin9 Exploiting Software February 2012 – Check it out!