CQURE Academy 5-Day Challenge: Day 4

Read about: Day 1, Day 2, Day 3

The fourth day was all about Windows password hashes. The video tutorial by Greg demonstrated how to access the local SAM database on a running computer and how to access the local and domain SAM database offline. I thought I knew a few things about this, but I was surprised to learn that Windows uses rather basic techniques to protect passwords. The hashes are calculated using a proprietary one-way function (the LM hash) and MD4 (the NT hash).

The operating system attempts to put some blocks in place to prevent access to the SAM and SYSTEM files, but with the techniques covered in the Day 3 Challenge, those are relatively easily circumvented.

This has certainly convinced me to check our domain policy and ensure that LM hashes are not being stored! There is a group policy setting that can be used to prevent an LM hash from being created the next time a user stores a password. These days, I really doubt anyone would have a legitimate reason to use LM hashes.
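Because the policy only takes effect the next time a password is stored, LM hashes created earlier stay in the database until then. The following is an added example, not part of the original post or the CQURE course material: a Python audit over a constructed pwdump-style export (`user:rid:lm:nt:::`) that reports which accounts still carry an LM hash. The function name and sample data are assumptions.

```python
import re

# Well-known constants: the LM and NT hashes of an empty password.
EMPTY_LM = "aad3b435b51404eeaad3b435b51404ee"
EMPTY_NT = "31d6cfe0d16ae931b73c59d7e0c089c0"
HEX32 = re.compile(r"[0-9a-f]{32}")

# Constructed sample export. All other hash values are made-up placeholders.
SAMPLE_EXPORT = """\
Administrator:500:aad3b435b51404eeaad3b435b51404ee:00112233445566778899aabbccddeeff:::
Guest:501:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
svc_legacy:1104:0123456789abcdef0123456789abcdef:ffeeddccbbaa99887766554433221100:::
jdoe:1105:89abcdef01234567aad3b435b51404ee:0f1e2d3c4b5a69788796a5b4c3d2e1f0:::
this line is malformed
"""

def audit_lm_hashes(export_text):
    """Return ({account: [findings]}, [line numbers that could not be parsed])."""
    findings, bad_lines = {}, []
    for lineno, raw in enumerate(export_text.splitlines(), start=1):
        if not raw.strip():
            continue
        fields = raw.strip().split(":")
        lm, nt = (f.lower() for f in fields[2:4]) if len(fields) >= 4 else ("", "")
        if not (HEX32.fullmatch(lm) and HEX32.fullmatch(nt)):
            bad_lines.append(lineno)  # report it rather than silently skipping
            continue
        issues = []
        if lm != EMPTY_LM:
            issues.append("LM hash stored")
            # LM hashes each 7-character half separately; an "empty" second
            # half means the whole password fits in the first half.
            if lm[16:] == EMPTY_LM[16:]:
                issues.append("password is 7 characters or fewer")
        if nt == EMPTY_NT:
            issues.append("blank password")
        findings[fields[0]] = issues
    return findings, bad_lines

if __name__ == "__main__":
    accounts, bad = audit_lm_hashes(SAMPLE_EXPORT)
    for name, issues in accounts.items():
        print(f"{name}: {', '.join(issues) or 'ok'}")
    print("unparseable lines:", bad)
```

Accounts flagged with "LM hash stored" need a password change after the policy is enabled before the old hash is gone.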

I did score 100% on the knowledge assessment, so I consider that another win.
