Password Cracking ‘Pass The Hash’ style

One of the most time consuming tasks a penetration tester has to face is password attacks. Traditional password attacks involve password guessing, password cracking or a combination of both. While the first can take anything from days to months, the latter can take from hours to days, depending on the quality of the password dictionary and the available CPU power among others. Tools that make use of Rainbow Tables, like Ophcrack, have significantly reduced those times to hours or even minutes, especially for systems that use weak password schemes like LM or NTLMv1.

All of the above describe how the password attack picture was before a new technique, called ‘Pass-The-Hash’ made its way into the hacking scene. Although someone may think this technique is quite new, it was actually back in 1997 when Paul Ashton posted on Bugtraq a Windows exploit named “NT Pass the Hash” along with the theory which the exploit was based on. This Unix-based tool implemented a modified version of a SMB client that allowed the use of captured LanMan hashes, without having to decrypt them first. However, it wasn’t before last year when Core Security finally took this concept to the next level and produced a much more powerful tool called ‘Pass-The-Hash Toolkit’, which now runs on Windows and works with NTLM hashes. Let’s see how this technique works in more detail.

Continue reading Password Cracking ‘Pass The Hash’ style

Unix Command-Line Kung Fu

I was discussing with a friend a few weeks ago how challenging is to teach folks that come in from the exclusive Windows-world on advanced Unix topics. Yes, I mean the kind of user that ends up rebooting a Unix box after changing a conf file instead of just restarting the appropriate services 🙂 .

I’m sure those, both Unix beginners and their managers, will appreciate the following presentation I came across a few weeks ago: “Unix Command-Line Kung Fu“. It’s author, Hal Pomeranz, presented it at SANS 2008 Orlando as part of the @Night talk conferences.

Continue reading Unix Command-Line Kung Fu