-
April 21st, 2005, 12:40 AM
#1
Local Password Exploits and Countermeasures Presentation (Flash Tutorial)
Local Password Exploits and Countermeasures Presentation (SAM/Syskey, Domain Cache, VNC & Protected Storage)
I have finished a Flash version of the Local Password Exploits and Countermeasures presentation I’m working on for the Indiana Higher Education Cybersecurity Summit (http://www.indiana.edu/~cacrsum/program.html). It covers cracking the SAM/Syskey, Cached ADS/Domain Credentials, VNC stored passwords and Windows Protected Storage.
Here is the link to see the tutorial:
http://www.irongeek.com/i.php?page=v...sswordCracking
It’s about 5.3MB and has almost 30 min of audio in it. Don't mirror it anywhere yet as I may change it some before I present it live on the 29th. If you have any feedback you would like to give me before the 29th email me. The Flash file may have some bugs so let me know if you find any.
Topics covered (from the slide headings):
Local Password Exploits and Countermeasures
Why Crack Local Passwords?
Escalating Network Privileges Example
Methodology
Glossary
What’s Meant by Password Cracking?
What’s not meant by password cracking?
Cracking Passwords in the SAM
How does a dictionary or brute force attack work?
Commercial tools for cracking the SAM
L0phtcrack
SAMInside
Open Source/Free tools for cracking the SAM
Pwdump2/Pwdump3
Cain
SAMDump2/BKhive/John the Ripper
RainbowCrack
SAM Cracking Prevention
Cracking Cached Domain/Active Directory Passwords
Cached Credentials Format
CacheDump and John patches:
John the Ripper
VNC (Virtual Network Computing) Background
Tools for Cracking VNC
VNCrack
VNCPwdump
VNC Password Cracking Countermeasures
Retrieving Passwords from Protected Storage
Protected Storage Countermeasures
-
April 21st, 2005, 12:58 AM
#2
Sounds good so far. You might want to mention that the SAM file is in a hidden folder and not accessible under normal circumstances???
I'll post again as I go through it. I take it that is why you are posting??
What happens if a big asteroid hits the Earth? Judging from realistic simulations involving a sledge hammer and a common laboratory frog, we can assume it will be pretty bad. - Dave Barry
-
April 21st, 2005, 01:01 AM
#3
Yep, I want to shine it up some before I present it live. Thanks.
-
April 21st, 2005, 01:25 AM
#4
When you talk about VNC: in the visual presentation the first app is RealVNC and the second is TightVNC. Your dialog is TightVNC first, RealVNC second.
Nitpicking, I know, but so much more on the ball if it matches.
-
April 21st, 2005, 06:11 PM
#5
Cool, I can change that. I'll wait till I get a few more comments so I can do all the changes at once then upload it again. Thanks for the feedback Jinxy.
-
April 23rd, 2005, 09:51 PM
#6
Ok jinxy, I made the VNC change. I also fixed some typos and added the factoid that if you use a password longer than 14 characters, no LM hash will be stored.
-
May 1st, 2005, 03:40 AM
#7
Well, I did the presentation Friday and it seemed to go over pretty well. Just st-st-stuttered a little bit. I added a section on using Cain to crack cached domain credentials, and was done with it. Feel free to mirror it if you like. Thanks folks.
-
May 2nd, 2005, 10:26 PM
#8
What the...?
"Pistol Packing Penguin?"
Heh.
Good tut btw - did you want any feedback still or not, as you have already presented? How did the audience receive it - a lot of questions/comments back to you?
Gracias.
-
May 2nd, 2005, 10:34 PM
#9
I did not have a lot of time for questions, but some people came up to me after the conference. If you have any constructive criticism to give go ahead.
-
May 3rd, 2005, 02:53 AM
#10
Here is a question for anyone who knows. In IronGeek's nice presentation he mentioned Protected Storage. Now, is Protected Storage the same thing as LSA (Local Security Authority) Secrets? Which are also stored in the registry, but I'm not sure where.
Fusion
The command completed successfully.
"They drew first blood not me."