loopholes in win 2000 & how we can break sam file

suresh bhargav

A few people argue with me regarding Windows 2000
security. According to them it is breakable. Just enlighten me
about its possibility. If it's true, then how?
 
Hi,

Yes, you can dump LM and NTLM hashes from the SAM database. There are a few ways
to do it. One is to copy it off the server, but this will require
physical access to the server and a reboot. This method doesn't require any
permission at all, except physical access -- this is why physical access to
e.g. a DC is very important. The next option is to use tools like pwdump2, but
this will require administrator privileges on the computer where the SAM database
is.

Once you have the LM "hashes" you can use tools like LC5 (or older versions) or some
on-line tools that will crack the hash to a password.

What you can do about this is:
* Use the NTLM hash (the LM hash is vulnerable by design -- IBM designed it a few
decades ago)
* Even with the NTLM hash you have to use strong, hard-to-guess passwords. If I
can run a dictionary attack against your passwords then it doesn't matter
what kind of hash you use for your password storage

How to prevent Windows from storing a LAN manager hash of your password in
Active Directory and local SAM databases
http://support.microsoft.com/default.aspx?scid=kb;en-us;299656&Product=win2000

Account Passwords and Policies
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/security/bpactlck.mspx

I hope this helps,

Mike
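To check whether the KB 299656 setting has actually taken effect (the LM hash is only dropped on an account's next password change) and to see which accounts to prioritise, here is an added audit script in Python. It is not from the original thread nor from any tool named in it; it parses constructed pwdump-style lines (user:rid:lmhash:nthash:::) and relies only on the well-known LM hash of an empty 7-character half.

```python
import re

# LM hashes a 14-character password as two independent 7-character halves.
# A half that is empty always hashes to this well-known constant, so a stored
# LM field made of two such halves means "no LM hash stored", and one whose
# second half is the constant means the password is 7 characters or fewer.
EMPTY_LM_HALF = "aad3b435b51404ee"
EMPTY_LM_HASH = EMPTY_LM_HALF * 2

# Constructed sample dump; the hash values are placeholders, not real credentials.
SAMPLE_DUMP = """\
Administrator:500:0123456789abcdeffedcba9876543210:1a2b3c4d5e6f708192a3b4c5d6e7f809:::
Guest:501:aad3b435b51404eeaad3b435b51404ee:0f1e2d3c4b5a69788796a5b4c3d2e1f0:::
svc_backup:1001:0123456789abcdefaad3b435b51404ee:9f8e7d6c5b4a39281706f5e4d3c2b1a0:::
jdoe:1002:aad3b435b51404eeaad3b435b51404ee:a0b1c2d3e4f5061728394a5b6c7d8e9f:::
"""

PWDUMP_LINE = re.compile(
    r"^(?P<user>[^:]+):(?P<rid>\d+):(?P<lm>[0-9a-f]{32}):(?P<nt>[0-9a-f]{32}):",
    re.IGNORECASE,
)


def classify_lm(lm_hash):
    """Classify the 32-hex-char LM field of one account."""
    lm = lm_hash.lower()
    if lm == EMPTY_LM_HASH:
        return "none"   # no LM hash stored: NoLMHash is in effect for this account
    if lm[16:] == EMPTY_LM_HALF:
        return "short"  # LM hash stored and the password is 7 characters or fewer
    return "long"       # LM hash stored for both halves: 8 to 14 characters


def audit_dump(text):
    """Return (user, classification) for every well-formed dump line."""
    findings = []
    for line in text.splitlines():
        m = PWDUMP_LINE.match(line.strip())
        if not m:
            continue  # skip blank or malformed lines
        findings.append((m.group("user"), classify_lm(m.group("lm"))))
    return findings


def accounts_still_storing_lm(text):
    """Accounts whose LM hash still exists: force a password change on these."""
    return [user for user, kind in audit_dump(text) if kind != "none"]


if __name__ == "__main__":
    for user, kind in audit_dump(SAMPLE_DUMP):
        print(f"{user:15s} LM hash: {kind}")
    print("still storing LM:", accounts_still_storing_lm(SAMPLE_DUMP))
```

The "short" cases deserve the first password reset: with only one 7-character half to recover, that is the weakest LM hash an account can have.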
 
Mike is correct. However this is NOT unique to Windows. ANY operating system where a
person has full physical access to the computer is vulnerable to password attacks -
do a search for Linux or UNIX password crackers. One is shown in the link below.

http://www.openwall.com/john/

Windows 2000 and particularly Windows XP Pro/Windows 2003 offer built-in EFS file
encryption to protect a user's data files if need be. If you are using XP Pro and you
encrypt a folder, write your files to that folder, and then export/delete your EFS
private key [assuming it is the only one - no RA], those files are encrypted with AES
encryption and they will be very, very safe. I don't like to use the word never. But
to crack that encryption someone would need some extreme horsepower and a long, long
time. --- Steve

http://www.microsoft.com/resources/...rv/2003/all/techref/en-us/w2k3tr_efs_what.asp

http://www.microsoft.com/technet/prodtechnol/winxppro/deploy/cryptfs.mspx -- XP/2003
EFS
 