Windows This presentation is an amalgam of presentations by Mark Michael, Randy Marchany and Ed Skoudis. I have edited and added material. Dr. Stephen.


1 Windows This presentation is an amalgam of presentations by Mark Michael, Randy Marchany and Ed Skoudis. I have edited and added material. Dr. Stephen C. Hayne

2 Service Packs and Hot Fixes
- Hot Fixes
  - Upgrades to fix specific problems
  - Such as programming flaws
- Service Packs
  - Upgrades to fix problems within Windows
  - Like security flaws
  - Such as IP spoofing
  - Contain a number of Hot Fixes

3 Domains And File Sharing
- Domains – Grouping Machines Together
  - PDC – Primary Domain Controller
    - Contains information about user accounts
  - BDC – Backup Domain Controller
    - Emergency copy of the PDC
- File Sharing – Accessing Resources across the Network
  - \\xxxxx\zzz
    - Where xxxxx is the computer name, and zzz is the shared folder
  - Use $ after the name of the folder to make it hidden

4 User Groups
- Local Groups
  - Administrators (Local)
  - Account Operators
  - Server Operators
  - Backup Operators
  - Print Operators
  - Replicator
  - Users
  - Guests
- Global Groups
  - Domain Administrators
  - Domain Users

5 Windows File Systems
- FAT
  - Standard file system
  - Offers no access control
- NTFS
  - Has many more access permissions
  - Makes securing files easier
  - Most importantly, DOS cannot view NTFS partitions

6 NTFS Permissions
- Standard Permissions
  - No Access: User can’t do anything
  - Read: User can read and execute
  - Change: User can read, write, execute, and delete
  - Full Control: User can change permissions for other users, Take Ownership, and have full access
- Special Permissions
  - Read only
  - Execute
  - Write
  - Delete
  - Change Permissions
  - Take Ownership

7 Windows Security
- Local Security Authority (LSA)
  - Determines whether a logon attempt is valid
- Security Accounts Manager (SAM)
  - Receives user logon information and checks it with its database to verify a correct username/password
- SAM Database
  - Stores the LM and NT password hashes

8 Windows Passwords
- LM Password
  - Used for backward compatibility
  - Stores passwords in CAPS
  - Much easier to crack than NT hashes
  - Password is not hashed or encrypted
  - Broken up into 2 groups of 7 characters
  - Usually gives away the NT password if cracked
- NT Password
  - Used for compatibility with Windows NT/2000 systems
  - Stores passwords exactly as they were entered by the user
  - Uses a series of 2 one-way hashes to hash the password
  - Does not salt passwords like Unix

9 Windows “NT” Passwords
- Length
  - Anywhere from 0 to 14 characters
- Characters
  - All letters (upper and lowercase), numbers, and symbols are acceptable
- Stored in SAM database
  - \WINNT\system32\config or \WINNT\repair …

10 NT Passwords
1. Hashed using RSA MD4 function
   - Not reversible!
   - But can be replicated…
2. Hashed again using MS function into SAM
   - Reversible and fairly simple
3. Encrypted using Syskey function
   - Strong encryption of SAM on disk

11 LM Passwords VS. NT Passwords
- An 8 character LM password is 890 times easier to crack than an 8 character NT password
- A 14 character LM password is 450 trillion times easier to crack than a 14 character NT password
- 450 trillion = 450,000,000,000,000
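
Added example (not part of the original presentation): a Python sketch of the LM preprocessing from slide 8 and the keyspace comparison from slide 11, showing why stored LM hashes weaken an otherwise strong password. The alphabet sizes (95 printable ASCII characters for NT, 69 for LM after case folding) are assumptions; under them the 8-character ratio comes out at 890 and the 14-character ratio lands in the hundreds of trillions.

```python
# Added example: alphabet sizes below are assumptions, not values from the slides.
NT_ALPHABET = 95                 # printable ASCII, case-sensitive
LM_ALPHABET = NT_ALPHABET - 26   # lowercase folds onto uppercase -> 69


def lm_halves(password):
    """Uppercase, pad/truncate to 14 bytes, split into two 7-byte groups.

    ASCII-only input is assumed to keep the sketch short.
    """
    raw = password.upper().encode("ascii")[:14].ljust(14, b"\x00")
    return raw[:7], raw[7:]


def lm_worst_case(length):
    """Guesses needed to exhaust an LM password of this length.

    The two groups are independent, so their costs add instead of multiplying.
    """
    length = min(length, 14)
    first, second = min(length, 7), max(length - 7, 0)
    return LM_ALPHABET ** first + (LM_ALPHABET ** second if second else 0)


def nt_worst_case(length):
    """Guesses needed to exhaust a case-sensitive NT password of this length."""
    return NT_ALPHABET ** length


def nt_to_lm_ratio(length):
    """How many times larger the NT search space is than the LM one."""
    return nt_worst_case(length) // lm_worst_case(length)


if __name__ == "__main__":
    # Constructed sample password: case is lost and the 8th+ characters
    # end up in a short, separately searchable second group.
    print(lm_halves("Password1"))
    for n in (7, 8, 14):
        print(n, "characters: NT space is", nt_to_lm_ratio(n), "times the LM space")
```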

12 Password Reset
- Offline NT Password & Registry Editor

13 Active Directory
- All important
- Based on Lightweight Directory Access Protocol
  - An extensible, vendor-independent, network protocol standard
  - It supports hardware, software, and network heterogeneity for any kind of data

14 LDAP (Active Directory)

15 Active Directory
- Creates a hierarchy of trusted Organizational Units
- User profiles are verified with controlling server and can be set up to “roam” (huge data transfers)
- Passwords stored in “ntds.dit” database or in SAM file (regular OS)

16 Windows Cracking
- Obtain copy of SAM and run L0phtCrack
- BUT – can’t get “real” SAM if system uses Active Directory
- UNLESS, use PWDUMP3 first…

17 NTFSDos and SAMDump
- NTFSDos
  - Utility that allows DOS to view NTFS partitions
  - Can be placed on a boot disk and used to access files that can’t be accessed in Windows
- SAMDump
  - Utility that “dumps” the password hashes in the SAM database
  - Can be used to view the password hashes or to export them into a text file
  - If Syskey is used, displayed hashes will be incorrect
- http://www.hackingexposed.com/links-cdrom/links-cdrom.html

18 PWDump3
- A utility similar to SAMDump
- Grabs password hashes from memory instead of the SAM database
  - Because of this, it will work with Syskey enabled
- Can only be used by the Administrator on each system

19 L0phtCrack
- Uses Dictionary, Hybrid, and Brute Force attacks on password hashes
- Can get password from a local machine, a repair disk, a copied SAM file, or over a network (by sniffing packets)
- Can only be used by users who have Administrator status
- Uses a built-in version of PWDump3 to access the password hashes from memory

20 Password Protection
http://www.ntbugtraq.com/default.asp?sid=1&pid=47&aid=15
1. Remove permissions from the “repair” file
2. Audit Password Registry Keys
3. Use a strong Admin password and DON’T share it!
   1. Integrate @#$%{|> characters – increases key space 100 times
   2. Possibly add characters from [Alt+###]

21 Security Administrative Settings
- Local Security Policy – when unjoined…
- Disable weaker LM authentication if no 95/98 machines on network
- “runas” utility
- Kerberos!
- EFS (DES) doesn’t apply across the net
- EFS

22 Un*x Cracking
- Obtain “John the Ripper”
- Run against /etc/passwd file

