PASSWORD SECURITY ON DOMAIN CONTROLLER (PWDUMP)

[jabottt]

Hi
I 'm trying to find out if it's possible to do the following on our
network:

1. Access a user's desktop by logging in as that user.

In order to do this, we need to know if we need to go to the domain
controller to extract the user's password hash.

We read somewhere that a salted version of the password is kept in a
password history cache on the desktop. Is this true? Does this mean
that the user's account can be compromised without touching the Domain
Controller?
Thanks
Jon

 

[Andrei Ungureanu]

yeap ... but it's pretty hard to do that.
There are some tools that can extract the hash from the cached credentials
(stored in registry), but I don't think is exactly the hash of the password,
I belive is a hash of the password hash.

--
Regards,
Andrei Ungureanu
www.eventid.net
Test our new EventReader!
http://www.altairtech.ca/eventreader/default2.asp?ref=au

 

[jabottt]

thanks for the answer Andrei. Well then, I guess that it's almost
impossible to extract a user's password from a desktop on a network?

 

[Andrei Ungureanu]

it can be done. I have tested Cain&Abel and it can crack password hashes by
brute force (it is a very time consuming operations - I did some tests only
on a 4 char password).

--
Regards,
Andrei Ungureanu
www.eventid.net
Test our new EventReader!
http://www.altairtech.ca/eventreader/default2.asp?ref=au