loopholes in win 2000 & how we can break sam file

Anonymous
September 16, 2004 9:34:46 AM

Archived from groups: microsoft.public.win2000.security

A few people argue with me regarding Win 2000
security. According to them it is breakable. Just enlighten me
about its possibility. If it's true, then how?
Anonymous
September 16, 2004 7:09:41 PM

Hi,

Yes, you can dump LM and NTLM hashes from the SAM database. There are a few ways
to do it. One is to copy it off the server, but this will require
physical access to the server and a reboot. This method doesn't require any
permission at all, except physical access -- this is why physical access to
e.g. a DC is very important. The next option is to use tools like pwdump2, but
this will require administrator privileges on the computer where the SAM database
is.

Once you have the LM "hashes" you can use tools like LC5 or older, or some
on-line tools that will crack the hash to a password.

What you can do about this is:
* Use the NTLM hash (the LM hash is vulnerable by design -- IBM designed it a few
decades ago)
* Even with the NTLM hash you have to use strong, hard-to-guess passwords. If I
can run a dictionary attack against your passwords then it doesn't matter
what kind of hash you use for your password storage

How to prevent Windows from storing a LAN manager hash of your password in
Active Directory and local SAM databases
http://support.microsoft.com/default.aspx?scid=kb;en-us;299656&Product=win2000

Account Passwords and Policies
http://www.microsoft.com/technet/prodtechnol/windowsser...

I hope this helps,

Mike

"suresh bhargav" <anonymous@discussions.microsoft.com> wrote in message
news:357101c49be9$8cb2a660$a501280a@phx.gbl...
> A few people argue with me regarding Win 2000
> security. According to them it is breakable. Just enlighten me
> about its possibility. If it's true, then how?
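
Added example (not part of the original thread or any poster's code): once the KB 299656 setting linked above is applied, an administrator can check which accounts still have an LM hash stored by auditing a hash export. It assumes pwdump-style `user:rid:lmhash:nthash:::` lines; the sample records and their hex values are constructed, and the function names are hypothetical.

```python
import re

EMPTY_LM = "aad3b435b51404eeaad3b435b51404ee"  # LM hash of an empty password
EMPTY_HALF = EMPTY_LM[:16]                      # one empty 7-character LM block
HEX32 = re.compile(r"^[0-9a-f]{32}$")

# Constructed sample in the assumed pwdump layout; hash values are made-up hex.
SAMPLE = """\
alice:1001:11111111111111112222222222222222:33333333333333333333333333333333:::
bob:1002:4444444444444444aad3b435b51404ee:55555555555555555555555555555555:::
carol:1003:aad3b435b51404eeaad3b435b51404ee:66666666666666666666666666666666:::
dave:1004:NO PASSWORD*********************:77777777777777777777777777777777:::
this line is not a pwdump record
"""

def classify(line):
    """Return (user, finding) for one record, or (None, 'malformed')."""
    fields = line.strip().split(":")
    if len(fields) < 4 or not fields[1].isdigit():
        return None, "malformed"
    user, lm = fields[0], fields[2].lower()
    if not HEX32.match(lm) or lm == EMPTY_LM:
        return user, "no_lm_hash"      # placeholder text or the empty-LM constant
    if lm[16:] == EMPTY_HALF:
        return user, "lm_hash_short"   # second block empty: at most 7 characters
    return user, "lm_hash"

def audit(text):
    """Group account names by finding and count unparseable lines."""
    report = {"lm_hash": [], "lm_hash_short": [], "no_lm_hash": [], "malformed": 0}
    for line in text.splitlines():
        if not line.strip():
            continue
        user, finding = classify(line)
        if user is None:
            report["malformed"] += 1
        else:
            report[finding].append(user)
    return report

if __name__ == "__main__":
    for finding, value in audit(SAMPLE).items():
        print(finding, value)
```

An account stays flagged until its password is next changed, because the setting does not remove LM hashes that are already stored.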
Anonymous
September 16, 2004 10:11:41 PM

Mike is correct. However, this is NOT unique to Windows. ANY operating system where a
person has full physical access to the computer is vulnerable to password attacks -
do a search for Linux or UNIX password crackers. One is shown in the link below.

http://www.openwall.com/john/

Windows 2000 and particularly Windows XP Pro/Windows 2003 offer built-in EFS file
encryption to protect a user's data files if need be. If you are using XP Pro and you
encrypt a folder, write your files to that folder, and then export/delete your EFS
private key [assuming it is the only one - no RA], those files are encrypted with AES
encryption and they will be very, very safe. I don't like to use the word never. But
to crack that encryption someone would need some extreme horsepower and a long, long
time. --- Steve

http://www.microsoft.com/resources/documentation/Window...

http://www.microsoft.com/technet/prodtechnol/winxppro/d... -- XP/2003 EFS


"suresh bhargav" <anonymous@discussions.microsoft.com> wrote in message
news:357101c49be9$8cb2a660$a501280a@phx.gbl...
> A few people argue with me regarding Win 2000
> security. According to them it is breakable. Just enlighten me
> about its possibility. If it's true, then how?