Slashdot Mirror

← Back to Stories (view on slashdot.org)

NTLM 100% Broken Using Hashes Derived From Captures

Posted by Soulskill on from the progress-bar-complete dept.

New submitter uCallHimDrJ0NES writes "Security researcher Mark Gamache has used Moxie Marlinspike's Cloudcracker to derive hashes from captured NTLM handshakes, resulting in successful pass-the-hash attacks. It's been going on for a long time, probably, but this is the first time a 'white hat' has researched and exposed the how-to details for us all to enjoy. 'You might think that with all the papers and presentations, no one would be using NTLM...or, God forbid, LM. NTLMv2 has been around for quite some time. Surely, everyone is using it. Right? Wrong! According to the last data from the W3 Schools, 21% of computers are running XP, while NetMarketShare claims it is 39%. Unless someone has hardened these machines (no MS patches do this), these machines are sending LM and NTLM responses!' Microsoft has posted a little guidance for those who need to turn off NTLM. Have fun explaining your new security project to your management, server admins!"

1 of 155 comments (clear)

  1. Learn to spell Jeremiah Cornelius by Anonymous Coward · · Score: 0, Troll

    It's PENETRATION, not "Pentration" as you spell it on your resume, BOY -> http://www.linkedin.com/pub/jeremiah-cornelius-cissp-issap/2/620/a58

    * So much for your "I am a black man" b.s. too (which also makes you a liar)...

    Ah yes - NOW?

    Now, I know who & WHAT you are, as well as where you are/from, too, you troll...

    (A "San Fran Man" TOO I see, lol... you KNOW what they say about those, rotflmao!)

    * Your location pretty much EXPLAINS why you act more like a WOMAN than a MAN then, & why you 'troll' others -> http://slashdot.org/comments.pl?sid=2238996&cid=36457426

    (OH, don't worry - I took a screenshot of that, so that even AFTER you alter it for CORRECT SPELLING, I can laugh @ you about it too... HOW MANY YEARS HAVE YOU LEFT IT THAT WAY?)

    APK

    P.S.=>

    "Used to do pen/vuln. No more." - by Jeremiah Cornelius (137) on Tuesday January 08, @09:32PM (#42527343) Homepage

    So you're also MERELY A USER OF TOOLS THAT GUYS LIKE MYSELF WROTE FOR YOU TO "USE"... nothing more - figures!

    That's ALL THAT TYPE IS - even the CISSP's I've met as well!

    I also saw a LOT of "consultant" in there too - the BULLSHITTERS of the INDUSTRY, no questions asked, lol!

    (Fact, because WITHOUT those tools? You couldn't do a DAMNED THING!)...

    ... apk