NT LAN Manager (NTLM) is a series of protocols developed by Microsoft.
Questions tagged [ntlm]
52 questions
23
votes
2 answers
How are Windows 10 hashes stored if the account is setup using a Microsoft account?
I was testing the integrity of my passwords and noticed that after I dumped the hashes, there was only one account where the NTLM hash was not a "default hash." I also know that that account happens to be my backup user so it is not configured to…
yasgur99
- 331
- 1
- 2
- 4
13
votes
1 answer
Understanding Windows local password hashes (NTLM)
I have recently dumped some hashes from my local machine because I'm trying to understand the process in which Windows 7 hashes it's passwords.
I have discovered my local password hash that looks (similar) to this:…
13aal
- 265
- 1
- 2
- 8
11
votes
1 answer
Are there any ways to leverage NTLM V2 hashes during a penetration test?
I am on a penetration test at the moment, where LM/NTMLv1 hashes are disabled. I have captured a number of NTLMv2 hashes via NBNS spoofing, however was unable to crack them after running them through rainbow tables.
I was able to crack some…
Sonny Ordell
- 3,476
- 9
- 33
- 56
10
votes
1 answer
Understanding NTLM Authentication Step by Step
I was reading this link on ASP.Net Authentication and Authorization and these 5 steps were there explaining NTLM authentication.
Client sends the username and password to the server.
Server sends a challenge.
Client responds to the challenge…
one
- 1,781
- 3
- 18
- 45
5
votes
1 answer
Is NTLM (over HTTPS) on IIS a good idea for a Internet-facing website
I am writing here since I have a huge doubt. I am performing a technical security assessment on a custom developed web application (ASP.NET).
The application:
is Internet-facing
Uses HTTPS
Uses IIS with NTLM authentication with NTLMSSP message…
Lux
- 53
- 1
- 5
4
votes
1 answer
MsChapV2 authentication and Evil Twin attack
I'm trying to understand the dynamics of the authentication process in the MS-CHAPV2 protocol. In particular, if I implement an Evil Twin attack I can't understand how it's possible that I can retrieve the NTLM v1 password. From the implementation…
usern3t
- 41
- 1
- 3
4
votes
2 answers
Help converting string to NTLM
I'm trying to covert a string into a NTLM hash. From what I understand you just have to covert the characters in the string to unicode, format it to little endian and then hash it with the MD4 algorithm. I tried both little and big endian but…
Manuel Hernandez
- 141
- 1
- 2
4
votes
1 answer
Why is Windows password security designed this way?
Let's start with the LM hash.
The LanMan hash had MONUMENTAL security flaws, like the password being case insensitive (converted to upper), which reduced the keyspace for a brute force attack. On top of that, >7 character passwords were split into…
Kunal Chopra
- 169
- 6
3
votes
0 answers
Extracted LM Hashes doesnt match actual password
I'm new to LM Hashing and Windows authentication, and I'm having problems with LM hashes.
I've created 2 accounts with the password "123", and both of them have different hashes, and none of the hashes match any online LM…
Thiago Souza
- 31
- 1
3
votes
1 answer
How is it that tools like Hashcat, JTR able to bruteforce an NTLMv2 hashes?
With regards to the following question about the feasibility of (brute|dictionary|rainbowtable)-forcing an NTLMv2 hash:
How feasible is it for an attacker to brute-force an NTLMv2 response captured off the network?
..I'm trying to understand how is…
Vicer
- 113
- 8
3
votes
2 answers
How feasible is it for an attacker to brute-force an NTLMv2 response captured off the network?
According to the Wikipedia article on NTLM here:
https://en.wikipedia.org/wiki/NT_LAN_Manager
..under the NTLMv2 description it mentions that
NTLMv2 sends two responses to an 8-byte server challenge
So basically according to the article the…
Vicer
- 113
- 8
3
votes
2 answers
Should I use rainbow tables or bruteforce (NTLM)?
As part of security testing, I will receive around 150 to 200 Active Directory password hashes from Windows Server 2012 R2 (using NTLM?).
I have found NTLM rainbow tables (1,5 TB total), that covers all password length less or equals 8 (full ASCII),…
A J
- 67
- 2
- 7
3
votes
3 answers
NTLMv2 Reflection Attack
I am trying to figure out if NTLMv2 is vulnerable to a reflection attack. I cannot find a citation that clearly states NTLMv2 as being vulnerable. NTLMv1 is horribly insecure so there really is not point in even discussing the security of NTLMv1. No…
squarewav
- 179
- 1
- 5
3
votes
2 answers
Possible to connect to VNC server only with a NTLM Hash?
I'm using a training lab to learn computing security. And I retrieved the hash of the admin in this form:
admin:1001:NO PASSWORD*********************:D4BF5A8658AFXXXXXXXX5B8DBB60859746:::
So, I just have the NTLM part (not the LM), and cracking…
Addon
- 31
- 3
3
votes
3 answers
Are rainbow tables a viable tool for cracking NTLMv2 hashes?
Background
I am unclear about the difference between NTLM hashes and the NTLM protocol, regardless of version.
My tentative understanding is that there is such a thing as an "NTLMv2 hash", and that these hashes, being unsalted, would be viable…
sampablokuper
- 1,961
- 1
- 19
- 33