Security Basics mailing list archives
RE: LM and NTLM Hashes
From: "Roger A. Grimes" <roger () banneretcs com>
Date: Thu, 8 Sep 2005 16:19:08 -0400
Windows stored hashes (LM or NTLM) are never sent across the network. Windows uses Challenge/Response handshaking protocols. The hashes are involved, but are not sent at any time between the client and the server. The process is more complicated than you are thinking it is.

You can try Chapters 2 and 3 here for a start.
http://www.windowsitlibrary.com/Ebooks/SecurityPermissions/

But I've recently written an article for them to appear in Windows Security Administrator magazine that is even better and more concise...but I don't know if it is published yet. Check www.windowsitpro.com for more info.

Roger

***************************************************************************
*Roger A. Grimes, Banneret Computer Security, Consultant
*CPA, CISSP, MCSE: Security (2000/2003/MVP), CEH, CHFI, TICSA
*email: roger () banneretcs com
*cell: 757-615-3355
*Author of Honeypots for Windows (Apress)
*http://www.apress.com/book/bookDisplay.html?bID=281
***************************************************************************

-----Original Message-----
From: Flavio Braga [mailto:flaviobs () uol com br]
Sent: Tuesday, September 06, 2005 12:56 PM
To: security-basics () securityfocus com
Subject: LM and NTLM Hashes

Hi all!

I have a question about LM and NTLM hashes. Hope someone will have something to say. Sorry about my ignorance.

I was testing Cain & Abel in my network. I ran the sniffer for some time, and then I sent the captured packets to the cracker. Some documentation says that LM and NTLM hashes are 16 bytes long. But only a few packets were identified as having 16-byte hashes. The program lists all the other packets with 24-byte hashes in the same columns as LM & NTLM.

My question is: what kind of hashes are they?

And another one. Does it mean that LM & NTLM are not the only way to authenticate users? We don't have Kerberos in the network.

I saw that POP3 clients send passwords in text mode. Is there any way to protect passwords from email clients? Or do the users have to access email through webmail?

Thank you for any help.

Flavio
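
The challenge/response exchange Roger describes, as an added example that is not part of the original messages: it uses the LMv2 response construction from Microsoft's MS-NLMP specification because that needs only HMAC-MD5 (the older LM and NTLMv1 responses are built with DES and are also 24 bytes long). The account name, domain, and 16-byte stored hash are constructed sample values, and `handshake` is a hypothetical helper.

```python
import hashlib
import hmac
import os

# Constructed sample values, not taken from any real account or capture.
NT_HASH = bytes.fromhex("00112233445566778899aabbccddeeff")  # 16-byte stored hash
USER, DOMAIN = "alice", "EXAMPLE"


def response_key(nt_hash: bytes, user: str, domain: str) -> bytes:
    """NTOWFv2: key both sides derive from the stored hash; never transmitted."""
    identity = (user.upper() + domain).encode("utf-16-le")
    return hmac.new(nt_hash, identity, hashlib.md5).digest()


def lmv2_response(nt_hash, user, domain, server_challenge, client_challenge):
    """What the client sends: 16-byte HMAC proof + 8-byte client challenge."""
    key = response_key(nt_hash, user, domain)
    proof = hmac.new(key, server_challenge + client_challenge, hashlib.md5).digest()
    return proof + client_challenge


def server_verify(nt_hash, user, domain, server_challenge, response) -> bool:
    """Server recomputes the response from its own copy of the hash."""
    if len(response) != 24:
        return False
    expected = lmv2_response(nt_hash, user, domain, server_challenge, response[16:])
    return hmac.compare_digest(expected, response)


def handshake(nt_hash=NT_HASH):
    """Run one exchange and return what a sniffer on the wire would see."""
    server_challenge = os.urandom(8)  # server -> client
    response = lmv2_response(nt_hash, USER, DOMAIN, server_challenge, os.urandom(8))
    ok = server_verify(NT_HASH, USER, DOMAIN, server_challenge, response)
    return {"challenge": server_challenge, "response": response, "accepted": ok}


if __name__ == "__main__":
    seen = handshake()
    print(len(seen["response"]), "byte response, accepted:", seen["accepted"])
    print("stored hash on the wire:", NT_HASH in seen["challenge"] + seen["response"])
```

The 16-byte hash never crosses the network, but a captured challenge and response pair can still be tested offline against password guesses, so password strength still matters.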