[foofus-tools] two off-topic questions.

Ron ron at skullsecurity.net
Wed Apr 7 18:39:45 PDT 2010

On Wed, 7 Apr 2010 10:20:50 -0500 Richard Miles
<richard.k.miles at googlemail.com> wrote:
> Hi there
> I have two off-topic question that I think some of you guys may know
> the answer... at least I hope.
> - There is different opinions on the security community about NTLMv2,
> some people say it's safe against relay/replay attacks and others say
> it isn't. What is the true?

Well, it comes down to what you mean about relay/replay attacks. :)

The key difference between NTLM and NTLMv2 is that NTLM has a random token from the server, and NTLMv2 has random tokens from both the server and the client. That means that:

o Sniffing the packets won't help you authenticate to the server, unless you can crack them - same as all Windows authentication protocols (LM and higher). This is because they both require random tokens from the server and base the hash on that token - prevents replay attacks from sniffed packets. 
o NTLMv1 is vulnerable to a precomputation attack (ie, rainbow tables) by an evil server, since the server is the only source of randomness, whereas NTLMv2 isn't, since both the client and server add randomness to the mix
o A m(an|onkey) in the middle attack should work fine on NTLMv1 or NTLMv2 - the server doesn't prove that it knows your password, so you can't tell if the server is who you think it is
o If you have the NTLM hash (not to be confused with the NTLMv1 authentication protocol, but I man the raw hash on the system that can be dumped with, say, fgdump) it can be used to authenticate over NTLM or NTLMv2 - it's called passing the hash.

Something else worth noting - SMB message signing can potentially save you from a lot of this. SMB signing is based on the message and the raw NTLM hash of the password. That means that, if signing is enabled and *required*, the server DOES prove that it knows your credentials. Man in the middle attacks are prevented.

By default, Windows *checks* signatures on SMB, but allows blank signatures. That means if I want to MITM you, all I do is tell both sides that I don't want to sign my packets. DONE! 

> - I see that gsecdump has a nice feature to dump active logon session
> and this information doesn't come from sam Where it comes from?
> someone knows an implementation with source code available? I would
> like to study it..
I'm not positive how gsecdump does it, but there's one way to enumerate active sessions over SMB (tcp/139 or tcp/445) that uses the workstation service and the function NetSkstaEnumUsers (according to Wireshark). I'm planning on adding that to Nmap as a script, but haven't yet. That's how a program called netscan.exe does it - your mileage may vary. 

> sorry about the off-topic.
Well, it isn't my list or anything, but SMB is a topic I know in gory, gory detail. If you have any other questions, let me know! 

> Thanks


Ron Bowes
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 197 bytes
Desc: not available
URL: <http://lists.foofus.net/pipermail/foofus-tools-foofus.net/attachments/20100407/a066fd29/attachment-0004.pgp>

More information about the foofus-tools mailing list