
Thread: Local Password Exploits and Countermeasures Presentation (Flash Tutorial)

  1. #1
    King Tutorial-ankhamun
    Join Date
    Jul 2004
    Posts
    897

    Local Password Exploits and Countermeasures Presentation (Flash Tutorial)

    Local Password Exploits and Countermeasures Presentation (SAM/Syskey, Domain Cache, VNC & Protected Storage)


    I have finished a Flash version of the Local Password Exploits and Countermeasures presentation I’m working on for the Indiana Higher Education Cybersecurity Summit (http://www.indiana.edu/~cacrsum/program.html). It covers cracking the SAM/Syskey, Cached ADS/Domain Credentials, VNC stored passwords and Windows Protected Storage.

    Here is the link to see the tutorial:

    http://www.irongeek.com/i.php?page=v...sswordCracking

    It’s about 5.3MB and has almost 30 min of audio in it. Don't mirror it anywhere yet as I may change it some before I present it live on the 29th. If you have any feedback you would like to give me before the 29th, email me. The Flash file may have some bugs, so let me know if you find any.

    Topics covered (from the slide headings):

    Local Password Exploits and Countermeasures
    Why Crack Local Passwords?
    Escalating Network Privileges Example
    Methodology
    Glossary
    What’s Meant by Password Cracking?
    What’s not meant by password cracking?
    Cracking Passwords in the SAM
    How does a dictionary or brute force attack work?
    Commercial tools for cracking the SAM
    L0phtcrack
    SAMInside
    Open Source/Free tools for cracking the SAM
    Pwdump2/Pwdump3
    Cain
    SAMDump2/BKhive/John the Ripper
    RainbowCrack
    SAM Cracking Prevention
    Cracking Cached Domain/Active Directory Passwords
    Cached Credentials Format
    CacheDump and John patches:
    John the Ripper
    VNC (Virtual Network Computing) Background
    Tools for Cracking VNC
    VNCrack
    VNCPwdump
    VNC Password Cracking Countermeasures
    Retrieving Passwords from Protected Storage
    Protected Storage Countermeasures

  2. #2
    Regal Making Handler
    Join Date
    Jun 2002
    Posts
    1,668
    Sounds good so far. You might want to mention that the SAM file is in a hidden folder and not accessible under normal circumstances???

    I'll post again as I go through it. I take it that is why you are posting??
    What happens if a big asteroid hits the Earth? Judging from realistic simulations involving a sledge hammer and a common laboratory frog, we can assume it will be pretty bad. - Dave Barry

  3. #3
    King Tutorial-ankhamun
    Join Date
    Jul 2004
    Posts
    897
    Yep, I want to shine it up some before I present it live. Thanks.

  4. #4
    Regal Making Handler
    Join Date
    Jun 2002
    Posts
    1,668
    When you talk about VNC, in the visual presentation the first app is RealVNC and the second is TightVNC. Your dialog is TightVNC first, RealVNC second.

    Nitpicking, I know, but so much more on the ball if it matches.
    What happens if a big asteroid hits the Earth? Judging from realistic simulations involving a sledge hammer and a common laboratory frog, we can assume it will be pretty bad. - Dave Barry

  5. #5
    King Tutorial-ankhamun
    Join Date
    Jul 2004
    Posts
    897
    Cool, I can change that. I'll wait till I get a few more comments so I can do all the changes at once then upload it again. Thanks for the feedback Jinxy.

  6. #6
    King Tutorial-ankhamun
    Join Date
    Jul 2004
    Posts
    897
    Ok jinxy, I made the VNC change. I also fixed some typos and added the factoid that if you use a password longer than 14 characters, no LM hash will be stored.

  7. #7
    King Tutorial-ankhamun
    Join Date
    Jul 2004
    Posts
    897
    Well, I did the presentation Friday and it seemed to go over pretty well. Just st-st-stuttered a little bit. I added a section on using Cain to crack cached domain credentials, and was done with it. Feel free to mirror it if you like. Thanks folks.

  8. #8
    What the...?

    "Pistol Packing Penguin?"

    Heh.

    Good tut btw - did you want any feedback still or not, as you have already presented? How did the audience receive it - a lot of questions/comments back to you?

    Gracias.

  9. #9
    King Tutorial-ankhamun
    Join Date
    Jul 2004
    Posts
    897
    I did not have a lot of time for questions, but some people came up to me after the conference. If you have any constructive criticism to give go ahead.

  10. #10
    Senior Member br_fusion's Avatar
    Join Date
    Apr 2002
    Posts
    167
    Here is a question for anyone who knows. In IronGeek's nice presentation he mentioned Protected Storage. Now is Protected Storage the same thing as LSA (Local Security Authority) Secrets? Which are also stored in the registry, but I'm not sure where.

    Fusion
    The command completed successfully.


    "They drew first blood not me."
