Questions tagged [ntlm]

NT LAN Manager (NTLM) is a series of protocols developed by Microsoft.

52 questions

How are Windows 10 hashes stored if the account is set up using a Microsoft account?

I was testing the integrity of my passwords and noticed that after I dumped the hashes, there was only one account where the NTLM hash was not a "default hash." I also know that that account happens to be my backup user so it is not configured to…
yasgur99

Understanding Windows local password hashes (NTLM)

I have recently dumped some hashes from my local machine because I'm trying to understand the process in which Windows 7 hashes its passwords. I have discovered my local password hash that looks (similar) to this:…
13aal

Are there any ways to leverage NTLM V2 hashes during a penetration test?

I am on a penetration test at the moment, where LM/NTLMv1 hashes are disabled. I have captured a number of NTLMv2 hashes via NBNS spoofing, however was unable to crack them after running them through rainbow tables. I was able to crack some…
Sonny Ordell

Understanding NTLM Authentication Step by Step

I was reading this link on ASP.Net Authentication and Authorization and these 5 steps were there explaining NTLM authentication. Client sends the username and password to the server. Server sends a challenge. Client responds to the challenge…
one

Is NTLM (over HTTPS) on IIS a good idea for an Internet-facing website?

I am writing here since I have a huge doubt. I am performing a technical security assessment on a custom developed web application (ASP.NET). The application: is Internet-facing Uses HTTPS Uses IIS with NTLM authentication with NTLMSSP message…
Lux

MsChapV2 authentication and Evil Twin attack

I'm trying to understand the dynamics of the authentication process in the MS-CHAPV2 protocol. In particular, if I implement an Evil Twin attack I can't understand how it's possible that I can retrieve the NTLM v1 password. From the implementation…
usern3t

Help converting string to NTLM

I'm trying to convert a string into an NTLM hash. From what I understand you just have to convert the characters in the string to unicode, format it to little endian and then hash it with the MD4 algorithm. I tried both little and big endian but…

Why is Windows password security designed this way?

Let's start with the LM hash. The LanMan hash had MONUMENTAL security flaws, like the password being case insensitive (converted to upper), which reduced the keyspace for a brute force attack. On top of that, >7 character passwords were split into…
Kunal Chopra

Extracted LM hashes don't match actual password

I'm new to LM Hashing and Windows authentication, and I'm having problems with LM hashes. I've created 2 accounts with the password "123", and both of them have different hashes, and none of the hashes match any online LM…

How is it that tools like Hashcat and JTR are able to brute-force NTLMv2 hashes?

With regards to the following question about the feasibility of (brute|dictionary|rainbowtable)-forcing an NTLMv2 hash: How feasible is it for an attacker to brute-force an NTLMv2 response captured off the network? ..I'm trying to understand how is…

How feasible is it for an attacker to brute-force an NTLMv2 response captured off the network?

According to the Wikipedia article on NTLM here: https://en.wikipedia.org/wiki/NT_LAN_Manager ..under the NTLMv2 description it mentions that NTLMv2 sends two responses to an 8-byte server challenge So basically according to the article the…
Vicer

Should I use rainbow tables or brute force (NTLM)?

As part of security testing, I will receive around 150 to 200 Active Directory password hashes from Windows Server 2012 R2 (using NTLM?). I have found NTLM rainbow tables (1.5 TB total) that cover all password lengths less than or equal to 8 (full ASCII),…
A J

NTLMv2 Reflection Attack

I am trying to figure out if NTLMv2 is vulnerable to a reflection attack. I cannot find a citation that clearly states NTLMv2 as being vulnerable. NTLMv1 is horribly insecure so there really is no point in even discussing the security of NTLMv1. No…
squarewav

Possible to connect to VNC server only with an NTLM hash?

I'm using a training lab to learn computing security. And I retrieved the hash of the admin in this form: admin:1001:NO PASSWORD*********************:D4BF5A8658AFXXXXXXXX5B8DBB60859746::: So, I just have the NTLM part (not the LM), and cracking…
Addon

Are rainbow tables a viable tool for cracking NTLMv2 hashes?

Background I am unclear about the difference between NTLM hashes and the NTLM protocol, regardless of version. My tentative understanding is that there is such a thing as an "NTLMv2 hash", and that these hashes, being unsalted, would be viable…
sampablokuper