Forgot your password?
typodupeerror
Encryption Security Windows IT

NTLM 100% Broken Using Hashes Derived From Captures 155

Posted by Soulskill
from the progress-bar-complete dept.
New submitter uCallHimDrJ0NES writes "Security researcher Mark Gamache has used Moxie Marlinspike's Cloudcracker to derive hashes from captured NTLM handshakes, resulting in successful pass-the-hash attacks. It's been going on for a long time, probably, but this is the first time a 'white hat' has researched and exposed the how-to details for us all to enjoy. 'You might think that with all the papers and presentations, no one would be using NTLM...or, God forbid, LM. NTLMv2 has been around for quite some time. Surely, everyone is using it. Right? Wrong! According to the last data from the W3 Schools, 21% of computers are running XP, while NetMarketShare claims it is 39%. Unless someone has hardened these machines (no MS patches do this), these machines are sending LM and NTLM responses!' Microsoft has posted a little guidance for those who need to turn off NTLM. Have fun explaining your new security project to your management, server admins!"
This discussion has been archived. No new comments can be posted.

NTLM 100% Broken Using Hashes Derived From Captures

Comments Filter:

A CONS is an object which cares. -- Bernie Greenberg.

Working...