Diese Präsentation wurde erfolgreich gemeldet.
Wir verwenden Ihre LinkedIn Profilangaben und Informationen zu Ihren Aktivitäten, um Anzeigen zu personalisieren und Ihnen relevantere Inhalte anzuzeigen. Sie können Ihre Anzeigeneinstellungen jederzeit ändern.

Kerberos, NTLM and LM-Hash

4.657 Aufrufe

Veröffentlicht am

How is your password stored in your machine?
This presentation explains basics of Kerberos, NTLM and LM-Hash algorithms used in our machines.

Veröffentlicht in: Technologie
  • Als Erste(r) kommentieren

Kerberos, NTLM and LM-Hash

  1. 1. KERBEROS, NTLM AND LM-HASH By: Ankit Mehta
  2. 2. CONTENTS  Kerberos  Working of Kerberos  KerberosVersion 5  LM-Hash  LM-Hash Mechanism  LM-HashWeaknesses  NTLM  NTLM Situations  NTLMAuthentication Messages  NTLMAuthentication Steps  NTLMVulnerabilities
  3. 3. KERBEROS  Kerberos is the name of “TheThree Headed Dog” guarding the gates of Hades according to the Greek Mythology.  Developed at MIT to protect network services provided by Project Athena.  Uses Symmetric Key Cryptography algorithm.  Needs a trusted third party.  Steve Miller and Clifford Neuman were the designers of KerberosVersion 4.  Current version of Kerberos isVersion 5.
  4. 4. WORKING OF KERBEROS  There are four parties involved:  The client (say A)  Authentication Server (sayAS)  Ticket Granting Server (sayTGS)  The server (say B)
  5. 5. STEP 1: LOGIN Output ASA A Session Key (KS) Encrypt Session Key (KS) TGT KS +TGT Encrypt Output Symmetric Key derived from A’s password (KA) Symmetric Key shared with theTicket Granting Server (TGS)
  6. 6. STEP 2: OBTAINING A SERVICE GRANTING TICKET (SGT) Request for SGT TGSA Encrypt Session Key (KS) Encrypted Timestamp (ET) Output (Request for SGT) TGT B KAB Timestamp
  7. 7. STEP 2: OBTAINING A SERVICE GRANTING TICKET (SGT) Output TGSA A KAB Encrypt B KAB Encrypt Output Session Key (KS) B’s Secret Key
  8. 8. STEP 3: USER CONTACTS ‘B’ FOR ACCESSINGTHE SERVER Output A B Encrypt Secret Key to be shared by ‘A’ and ‘B’ (KAB) Encrypted Timestamp (ET) Output (‘A’ + KAB) encrypted with ‘B’s secret key Timestamp ‘A’ received this combination from the previous step
  9. 9. STEP 3: USER CONTACTS ‘B’ FOR ACCESSINGTHE SERVER Acknowledgement A B Encrypt Secret Key to be shared by ‘A’ and ‘B’ (KAB) Encrypted Timestamp (ET) Timestamp sent initially by Alice + 1 Encrypted Timestamp (ET)
  10. 10. KERBEROSVERSION 5  There are 3 new ticket types in Kerberos version 5 which were not there in version 4.They are as follows: 1. Forwardable 2. Renewable 3. Postdatable
  11. 11. LM-HASH  LAN Manager hash is a compromised password hashing function that was the primary hash that Microsoft LAN Manager and Microsoft Windows versions prior toWindows NT used to store user passwords.  Support for the legacy LAN Manager protocol continued in later versions of Windows for backward compatibility.  Since WindowsVista, the protocol is disabled by default.
  12. 12. LM-HASH MECHANISM  The user's password is restricted to a maximum of fourteen characters.  The user’s password is converted to uppercase.  The user's password is encoded in the System OEM Code page  This password is null-padded to 14 bytes.  The “fixed-length” password is split into two seven-byte halves.  These values are used to create two DES keys, one from each 7-byte half, by converting the seven bytes into a bit stream with the most significant bit first, and inserting a null bit after every seven bits (so 1010100 becomes 10101000).  This generates the 64 bits needed for a DES key.
  13. 13. LM-HASH MECHANISM  Each of the two keys is used to DES-encrypt the constant ASCII string “KGS!@#$%”,resulting in two 8-byte cipher text values.  These two cipher text values are concatenated to form a 16-byte value, which is the LM hash.
  14. 14. LM-HASH MECHANISM Key Constant Seattle1 SEATTLE 1******= + LM Hash Key Constant Concatenate DES DES
  15. 15. LM-HASH WEAKNESSES  Passwords are limited to a maximum of only 14 characters, giving a theoretical maximum keyspace of 9514 (approx) 292 with the 95ASCII printable characters.  Passwords longer than 7 characters are divided into two pieces and each piece is hashed separately.  By mounting a brute force attack on each half separately, modern desktop machines can crack alphanumeric LM hashes in a few hours.  All lower case letters in the password are changed to upper case before the password is hashed, which further reduces the key space for each half to:  697 (approx) 243.
  16. 16. LM-HASH WEAKNESSES  Any password that is shorter than 8 characters will result in the hashing of 7 null bytes, yielding the constant value of 0xAAD3B435B51404EE, hence making it easy to identify short passwords on sight.  Many cracking tools, e.g. RainbowCrack, L0phtCrack and Cain, now incorporate similar attacks and make cracking of LM hashes fast and trivial.  LM-Hash values only change when a user changes his password.
  17. 17. NTLM  NTLM is a suite of authentication and session security protocols used in various Microsoft network protocol implementations and supported by the NTLM Security Support Provider.  NTLM is also used throughout Microsoft's systems as an integrated single sign-on mechanism.  It is recognized as part of the "IntegratedWindows Authentication" stack for HTTP authentication.  It is also used in Microsoft implementations of SMTP, POP3, IMAP (all part of Exchange), CIFS/SMB,Telnet, SIP, and possibly others.
  18. 18. NTLM  The NTLM Security Support Provider provides authentication, integrity, and confidentiality services within the Window Security Support Provider Interface (SSPI) framework.  The SSPI specifies, and the NTLMSSP implements, the following core operations:  Authentication -- NTLM provides a challenge-response authentication mechanism  Signing --The NTLMSSP provides a means of applying a digital "signature" to a message.  Sealing --The NTLMSSP implements a symmetric-key encryption mechanism, which provides message confidentiality.
  19. 19. NTLM unicode Pwd Seattle1 MD4
  20. 20. NTLM SITUATIONS  The client is authenticating to a server using an IP address  The client is authenticating to a server that belongs to a different Active Directory forest that has a legacy NTLM trust instead of a transitive inter-forest trust  The client is authenticating to a server that doesn't belong to a domain  No Active Directory domain exists (commonly referred to as "workgroup" or "peer-to-peer")  Where a firewall would otherwise restrict the ports required by Kerberos (typically TCP 88)
  21. 21. NTLM AUTHENTICATION MESSAGES  NTLM authentication is a challenge-response scheme, consisting of three messages: 1.Type 1 (negotiation) 2.Type 2 (challenge) 3.Type 3 (authentication)
  22. 22. NTML AUTHENTICATION STEPS 1. The first step provides the user's NTLM credentials and occurs only as part of the authentication (logon) process. 2. A user accesses a client computer and provides a domain name, user name, and password.The client computes a cryptographic hash of the password and discards the actual password. 3. The client sends the user name to the server (in plaintext). 4. The server generates a 16-byte random number, called a challenge or nonce, and sends it to the client. 5. The client encrypts this challenge with the hash of the user's password and returns the result to the server.This is called the response. 6. The server sends the following three items to the domain controller:  User name  Challenge sent to the client  Response received from the client
  23. 23. NTML AUTHENTICATION STEPS 7.The domain controller uses the user name to retrieve the hash of the user's password from the Security Account Manager database. It uses this password hash to encrypt the challenge. 8.The domain controller compares the encrypted challenge it computed (in step 6) to the response computed by the client (in step 4). If they are identical, authentication is successful.
  24. 24. NTLMVULNERABILITIES  But it remains vulnerable to the “pass the hash” attack, which is a variant on the “reflection attack”.  “Metasploit” can be used in many cases to obtain credentials from one machine which can be used to gain control of another machine.  The “Squirtle toolkit” can be used to leverage web site “cross-site scripting” attacks into attacks on nearby assets via NTLM.  One of the attacks is the ability to predict pseudo-random numberss and challenges/responsess generated by the protocol.
  25. 25. THANKYOU