1
00:00:01,400 --> 00:00:06,160
You can also crack NT and LM passwords using online services.

2
00:00:06,360 --> 00:00:11,800
We'll now review one of the many services of this type.

3
00:00:11,900 --> 00:00:19,650
You can enter a cryptographic resource in the form at onlinehashcrack.com; clicking Search will display

4
00:00:19,650 --> 00:00:27,070
the plaintext password used for generating the provided cryptographic resource.

5
00:00:27,110 --> 00:00:34,670
Let's see what happens if we search for one of the found hashes; we'll choose LAN Manager.

6
00:00:34,670 --> 00:00:38,030
This brings us back to the previous modules.

7
00:00:38,060 --> 00:00:45,740
It's not very clever to submit your own passwords to a dubious or untrusted service. As you can see, the

8
00:00:45,740 --> 00:00:51,900
hash has been correctly identified as a LAN Manager algorithm.

9
00:00:51,910 --> 00:00:55,700
It also turns out that the cryptographic resource was extracted from the password

10
00:00:55,720 --> 00:00:58,450
He one.

11
00:00:58,510 --> 00:01:03,790
You can use a variety of methods to crack a password if you have an appropriate cryptographic resource.

12
00:01:07,060 --> 00:01:11,230
The showcased service also allows users to crack WPA2 keys,

13
00:01:11,410 --> 00:01:14,100
although this feature has to be paid for in most cases.

14
00:01:16,810 --> 00:01:21,970
If a hash you provide is not found in the cracked hashes database, the site creators can crack it for

15
00:01:21,970 --> 00:01:25,250
you for a small fee.

16
00:01:25,250 --> 00:01:32,030
This was the last practical presentation in this module.

17
00:01:32,120 --> 00:01:35,030
What other ways can be used to obtain a user's identity?
18
00:01:36,870 --> 00:01:42,180
Replay attacks were extremely popular some time ago, and even today they can still compromise Windows

19
00:01:42,180 --> 00:01:44,280
XP systems with default settings.

20
00:01:46,980 --> 00:01:52,990
The attack exploits a vulnerability found in the LAN Manager and NT LAN Manager protocols.

21
00:01:53,130 --> 00:02:00,150
The protocols don't sign challenge and response messages, and messages are not time-stamped.

22
00:02:00,150 --> 00:02:02,940
This means that a message can be re-used unnoticeably.

23
00:02:05,790 --> 00:02:13,570
SMB and SMB Relay are programs shared on the Internet that can help you exploit this hands-on. An attack

24
00:02:13,570 --> 00:02:15,400
scenario is as follows.

25
00:02:19,070 --> 00:02:26,360
A client attempts to connect to a server; the client has to be persuaded to connect to us.

26
00:02:26,370 --> 00:02:31,730
This can be done, for example, by sharing some interesting resource. This attack,

27
00:02:31,730 --> 00:02:37,070
just like the ones shown before, aims to convince you that local area networks are not more secure than

28
00:02:37,070 --> 00:02:37,800
the Internet.

29
00:02:39,010 --> 00:02:44,230
Sending your credentials over a local area network can be as dangerous as sending them over the Internet.

30
00:02:45,560 --> 00:02:49,270
The server should forward a challenge next, since we want to connect to it.

31
00:02:51,600 --> 00:02:55,130
Instead, it tells us that it wants to connect to us.

32
00:02:55,140 --> 00:02:56,680
What a coincidence.

33
00:02:56,880 --> 00:02:58,540
We react in the correct way,

34
00:03:01,300 --> 00:03:04,550
following the protocol: we send a challenge.

35
00:03:04,790 --> 00:03:12,200
At this point the challenge is a message that we, the client, send to a server.

36
00:03:12,310 --> 00:03:16,570
Next, the server realizes that we wanted to connect to it and sends a challenge message.

37
00:03:19,430 --> 00:03:20,240
As it happens,
38
00:03:20,240 --> 00:03:24,320
the challenge is the same challenge that we sent to it a while before.

39
00:03:24,320 --> 00:03:25,750
We don't know that, though.

40
00:03:28,540 --> 00:03:33,820
Since we have received a challenge message, we encrypt it in an appropriate way using an NT or LM

41
00:03:33,820 --> 00:03:39,160
password and forward it as a response to our, or the server's, challenge.

42
00:03:41,010 --> 00:03:49,150
The server doesn't attempt any cryptanalysis and sends back the same response to our challenge.

43
00:03:49,260 --> 00:03:54,300
The result of this abuse is that the user pictured above in the slide has been authenticated to the

44
00:03:54,300 --> 00:04:00,510
computer of the user pictured below on the left, and not the other way around.

45
00:04:00,510 --> 00:04:04,470
What's more, the attacker gains the permissions of the user who started the process.

46
00:04:08,130 --> 00:04:13,080
What are the countermeasures? Signing packets is a good solution.

47
00:04:14,230 --> 00:04:19,720
Since LM and NTLM don't implement this feature, you need to sign packets at the application layer:

48
00:04:20,740 --> 00:04:23,220
SMB protocol packets should be signed.

49
00:04:25,400 --> 00:04:28,660
The slide above shows how to enable SMB packet signing.

50
00:04:32,120 --> 00:04:39,500
Challenge-response attacks have also been shown; cracking the passwords was easy and fast.

51
00:04:40,820 --> 00:04:46,130
Windows has a setting that specifies which version of an authentication protocol issued by a specific

52
00:04:46,130 --> 00:04:48,020
provider will be used.

53
00:04:53,750 --> 00:05:01,780
Take a look at the options: you can select sending LM or NTLM responses.

54
00:05:01,930 --> 00:05:06,430
Nothing less secure is available.

55
00:05:06,470 --> 00:05:15,950
You can also send LM and NTLM and, if negotiated, use NTLM version 2. If an attacker doesn't

56
00:05:15,950 --> 00:05:20,400
agree to it, we'll send only LM and NTLM.
57
00:05:20,460 --> 00:05:24,200
This solution is just as vulnerable.

58
00:05:24,230 --> 00:05:31,510
You can also send only NTLM responses without LM; this doesn't tighten security in practice, however.

59
00:05:33,440 --> 00:05:38,440
The minimum authentication security level that should be set for all client computers is sending

60
00:05:38,480 --> 00:05:42,200
NTLM version 2 responses.

61
00:05:42,370 --> 00:05:48,950
If Kerberos fails, you should use only NTLM version 2. Server properties, on the other

62
00:05:48,950 --> 00:05:57,000
hand, should be configured to the last security level: only NTLM version 2 responses should be sent;

63
00:05:57,750 --> 00:06:03,610
LM or NTLM should be refused.

64
00:06:03,730 --> 00:06:09,580
If this policy is set on a server and a client has set the policy we talked about before, the security

65
00:06:09,580 --> 00:06:11,850
is as high as possible without Kerberos.

66
00:06:15,800 --> 00:06:18,410
Kerberos doesn't offer full protection either.

67
00:06:19,370 --> 00:06:22,430
There's no such thing as a protection guarantee in security.

68
00:06:25,040 --> 00:06:31,310
Kerberos is susceptible to a certain class of attacks: attacks that compromise long-term keys.

69
00:06:34,020 --> 00:06:34,870
To run them,

70
00:06:34,890 --> 00:06:39,420
an attacker needs to get hold of some cryptographic resources.

71
00:06:39,440 --> 00:06:45,230
This can be done by capturing the communications between a client that requests the TGT key and a domain

72
00:06:45,230 --> 00:06:46,880
controller.

73
00:06:46,880 --> 00:06:50,250
What happens then?

74
00:06:50,370 --> 00:06:55,290
We know already that the user's identity is verified against the message sent to and decrypted by a

75
00:06:55,290 --> 00:07:00,240
domain controller that contains a time stamp.

76
00:07:00,370 --> 00:07:07,010
The tolerance window for differences between the time stamp and the controller system time is 5 minutes.
77
00:07:07,010 --> 00:07:12,610
The problem is that time stamps always have the same structure.

78
00:07:12,710 --> 00:07:19,040
You know what the format is: day, month, year, and then hour, minute, second, with a Z at the end.

79
00:07:19,300 --> 00:07:22,110
Z stands for Zulu.

80
00:07:22,260 --> 00:07:28,080
If we sniff out or obtain some encrypted resource and, while trying to decrypt it using potential passwords

81
00:07:28,620 --> 00:07:33,210
(we need the user password list again), we get a value that looks like a time stamp,

82
00:07:33,210 --> 00:07:37,610
this means that the password is cracked.

83
00:07:37,670 --> 00:07:42,240
There's little chance that we'd get that time stamp value using a different key.

84
00:07:42,260 --> 00:07:50,130
This is how KerbSniff works. KerbSniff is a light, 10-year-old application you can find on the Internet;

85
00:07:52,390 --> 00:07:59,240
it should be launched on the communication line between the client and the domain controller. This

86
00:07:59,240 --> 00:08:00,920
line is relatively safe.

87
00:08:01,830 --> 00:08:08,510
Most administrators take steps to protect it. As you can see, this protection has good grounds.

88
00:08:11,380 --> 00:08:18,530
This module featured facts and knowledge on varied methods of identity theft; Windows system user credentials

89
00:08:18,530 --> 00:08:21,370
were used as an example.

90
00:08:21,530 --> 00:08:28,890
We showed offline attacks and outlined replay attacks and online attacks.

91
00:08:29,030 --> 00:08:33,210
The module also showed the techniques and tools needed to capture a user's password

92
00:08:33,210 --> 00:08:37,180
in about five minutes or less.

93
00:08:37,380 --> 00:08:37,900
Thank you.