Ethical Hacking and Penetration Testing Guide
Hashing Algorithms
There are different types of hashing algorithms; the most popular among them are MD5 and SHA-1. 
By looking at a hash we cannot tell exactly which hashing algorithm produced it, but by comparing 
lengths we can make a very good guess about which algorithm was used. For example, an MD5 hash 
would have no more than 32 characters, a SHA-1 hash 41. So, based on the length, we can guess 
the hashing algorithm. The Hash Analyzer is a very popular tool that can help you identify the 
hash type: based on the length, it suggests every hash type that produces output of that length.
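The length-based guess described above, as an added Go example that is not the book's code and not the Hash Analyzer tool: it computes hex digests with the standard library and then looks the digest length up in a candidate table. The table is constructed for this example and lists the hash types that, to my knowledge, produce each hex length; 32 hex characters also covers the 16-byte Windows LM and NT hashes discussed in the next section, which is exactly why a length-only guess is never conclusive.

```go
package main

import (
	"crypto/md5"
	"crypto/sha1"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"strings"
)

// HexDigest returns the lowercase hex digest of data under the named algorithm,
// or "" for an algorithm this example does not know.
func HexDigest(algo string, data []byte) string {
	switch strings.ToLower(algo) {
	case "md5":
		sum := md5.Sum(data)
		return hex.EncodeToString(sum[:])
	case "sha1", "sha-1":
		sum := sha1.Sum(data)
		return hex.EncodeToString(sum[:])
	case "sha256", "sha-256":
		sum := sha256.Sum256(data)
		return hex.EncodeToString(sum[:])
	}
	return ""
}

// candidatesByHexLength maps a hex digest length to the hash types that produce
// it (constructed table; several unrelated algorithms share a length).
var candidatesByHexLength = map[int][]string{
	32: {"MD5", "LM", "NT (NTLM)"},
	40: {"SHA-1"},
	64: {"SHA-256"},
}

// isHex reports whether s is a non-empty string of hex digits.
func isHex(s string) bool {
	if s == "" {
		return false
	}
	_, err := hex.DecodeString(s)
	return err == nil
}

// GuessHashType returns the candidate hash types for h, chosen by length alone;
// nil means the input is not a hex digest or has a length the table lacks.
func GuessHashType(h string) []string {
	h = strings.TrimSpace(h)
	if !isHex(h) {
		return nil
	}
	return candidatesByHexLength[len(h)]
}

func main() {
	sample := []byte("hello") // constructed input
	for _, algo := range []string{"md5", "sha1", "sha256"} {
		d := HexDigest(algo, sample)
		fmt.Printf("%-7s %3d hex chars  %s  guess=%v\n", algo, len(d), d, GuessHashType(d))
	}
}
```

Running it prints one line per algorithm with the digest length and the candidates; note that the MD5 line lists three candidates, so a real identification still needs context (where the hash came from, what other hashes sit next to it).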

Windows Hashing Methods
Some of the hashing protocols for older versions of Windows were vulnerable by design and were 
very easy to crack; we will discuss some of the flaws in Windows hashing methods in brief.
LAN Manager (LM)
Windows XP and prior versions of Microsoft Windows use the LAN Manager protocol. The protocol 
is based upon a well-known block cipher (DES). However, due to the way it is designed, it is 
fairly easy for an attacker to crack the hashes. Let’s see how the hashing algorithm works, 
including its weaknesses.
1. The password is converted to UPPER CASE, which is a good thing for password crackers, since 
it reduces the total number of combinations.
2. Password hashes are not salted, which means that if you are able to crack the hashes on one 
computer and someone uses the same password hash on a different computer, you can easily 
figure out that it’s the same password.
3. If the password isn’t 14 characters long, it is padded with NULL characters.
4. Next, the password is split into two 7-character parts, which again is good from a 
password-cracking perspective, as 7-character passwords are easier to crack than 14-character 
passwords.
5. Each 7-byte half is used as the key to encrypt “KGS!@#$%” with the DES (Data Encryption 
Standard) algorithm.
6. Both of the resulting strings are then concatenated to form a 16-byte LM hash.
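The six steps above, as an added Go example that is not the book's code; it uses only the standard library's crypto/des. Two details the text does not spell out are supplied as assumptions: the usual expansion of a 7-byte half into an 8-byte DES key (the low bit of each key byte is a parity bit that DES ignores) and the fact that only the first 14 characters of a longer password are kept. The program makes weaknesses 1, 2 and 4 visible: the hash is identical for any capitalisation of the same password on any machine, and every password of 7 characters or fewer yields the same constant second half, a pattern an auditor can look for when reviewing stored hashes.

```go
package main

import (
	"crypto/des"
	"encoding/hex"
	"fmt"
	"strings"
)

// lmMagic is the fixed plaintext named in step 5; each password half becomes
// the DES key that encrypts it.
const lmMagic = "KGS!@#$%"

// emptyHalfHex is DES("KGS!@#$%") under a key of NULL padding only, i.e. what
// step 4 produces as the second half for every password of 7 characters or fewer.
const emptyHalfHex = "AAD3B435B51404EE"

// desKeyFrom7 spreads 7 password bytes (56 bits) over an 8-byte DES key so that
// the low bit of each byte is left as the parity bit DES discards. Assumption:
// this is the standard LM key expansion; the text does not describe it.
func desKeyFrom7(k []byte) []byte {
	return []byte{
		k[0],
		k[0]<<7 | k[1]>>1,
		k[1]<<6 | k[2]>>2,
		k[2]<<5 | k[3]>>3,
		k[3]<<4 | k[4]>>4,
		k[4]<<3 | k[5]>>5,
		k[5]<<2 | k[6]>>6,
		k[6] << 1,
	}
}

// encryptHalf performs step 5 for one 7-byte half.
func encryptHalf(half []byte) ([]byte, error) {
	block, err := des.NewCipher(desKeyFrom7(half))
	if err != nil {
		return nil, err
	}
	out := make([]byte, des.BlockSize)
	block.Encrypt(out, []byte(lmMagic))
	return out, nil
}

// LMHash computes the LM hash of password as an uppercase hex string,
// following steps 1 to 6.
func LMHash(password string) (string, error) {
	upper := []byte(strings.ToUpper(password)) // step 1: upper-case the password
	if len(upper) > 14 {                       // assumption: LM keeps only the first 14 characters
		upper = upper[:14]
	}
	padded := make([]byte, 14) // step 3: NULL-pad to 14 bytes
	copy(padded, upper)
	var lm []byte
	for _, half := range [][]byte{padded[:7], padded[7:]} { // step 4: two 7-byte halves
		ct, err := encryptHalf(half) // step 5: DES-encrypt the constant with the half as key
		if err != nil {
			return "", err
		}
		lm = append(lm, ct...) // step 6: concatenate to 16 bytes
	}
	// step 2: no salt is mixed in anywhere, so equal passwords give equal hashes
	return strings.ToUpper(hex.EncodeToString(lm)), nil
}

// SecondHalfEmpty reports whether an LM hash's second half is the NULL-padding
// constant, which tells an auditor the password had at most 7 characters.
func SecondHalfEmpty(lmHex string) bool {
	return len(lmHex) == 32 && strings.EqualFold(lmHex[16:], emptyHalfHex)
}

func main() {
	// constructed inputs
	for _, pw := range []string{"", "Secret", "password", "SuperLongPassphrase"} {
		h, err := LMHash(pw)
		if err != nil {
			panic(err)
		}
		fmt.Printf("%-22q %s second-half-empty=%v\n", pw, h, SecondHalfEmpty(h))
	}
}
```

The output for the empty password is the constant repeated twice, and "Secret" shows the same constant in its second half; comparing the "password" line with LMHash("PaSsWoRd") gives the same 32 hex characters, which is the unsalted, case-folded behaviour that makes precomputed tables so effective against LM.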
NTLM/NTLM2
The NT LAN Manager protocol is used by operating systems such as Vista and above. It is 
more secure than the LM protocol. Unlike the LM protocol, it does not split up the password, 
making it more difficult for an attacker to crack. The stored password is converted to uppercase, 
which can still aid in password cracking. It also provides backward compatibility with LAN 
Manager. There are also some known attacks, such as “credential forwarding,” that can be used to 
gain access to other machines on the network using the same password hashes.
NTLM2 is much more secure than NTLMv1, because it uses a 128-byte key, making it 
harder for attackers to crack the hashes.
Kerberos
Kerberos is mostly used in Active Directory environments. It is Microsoft’s default protocol for 
Active Directory environments, but in some situations where the domain controller is not available, 
NTLM takes over.
