Security Basics mailing list archives
Re: HASHES being sent through my network
From: "Saqib Ali" <docbook.xml () gmail com>
Date: Sat, 25 Nov 2006 10:28:18 -0500
My first question to you is: Is this a Kerberized Active Directory environment where all the machines are part of the domain OR just a standalone Win 2K server??? If it is just a standalone Win2K server, then YES, the password hashes will float around on the network. That is because it is a not a Kerberos environment. IF it was a kerberos env (i.e. Active Directory with domains etc) then only the kerberos service tickets would float around and not password hashes or usernames. saqib http://www.full-disk-encryption.net On 23 Nov 2006 22:34:34 -0000, lnrcmbymrhdcr () mailinator com <lnrcmbymrhdcr () mailinator com> wrote:
Hello, Not sure if appropriate list, but I was testing the flow through my network and noticed that everytime I authenticate against a Windows 2000 Server, ettercap captures the following: USER: xxxx.xxxxx HASH: xxxx.xxxxx:"":"":B5868F57a x3F34FC7C00000000000000000000000000000000:A109BED82C8BF6BE8A0E5EDFC42964CFE274Fa x278CF27281E:116FB24C76E30E4A DOMAIN: ZZZZZZZ Does this mean that the password is also floating about and can be accessed and read remotely? What HASH is this as it does not look like 32 bit version? Cheers
-- Saqib Ali, CISSP, ISSAP http://www.full-disk-encryption.net
Current thread:
- HASHES being sent through my network lnrcmbymrhdcr (Nov 24)
- Re: HASHES being sent through my network Saqib Ali (Nov 27)
- <Possible follow-ups>
- Re: HASHES being sent through my network warl0ck (Nov 27)