Hosting Provided By

L0phtCrack and Windows 2000 LM Hashes

From: Chris Mawer <red_hantu(at)hotmail.com>
Date: Thu Feb 06 2003 - 14:26:45 EST

List,

My win2k box shows that three user-accounts on my windows 2000 machine report as being *empty*, <8 and 2 of the three share a NULL password LM Hash of AAD3B435B51404EEAAD3B435B51404EE. The third hash is different and I do not wish to report it here for what id deem obvious reasons.

The three accounts include Administrator and two other users. The passwords are known and have been fed into a wordlist. Running LC3 repeats these results.

The Administrator account is most definitely not NULL, and the other two accounts are not guest users. Attempting login with null password is denied for all three accounts. LC3 is being run on the local machine.

Should I treat the box as compromised? Highly unlikely as there are enough alarms in place
Should I report my findings to @Stake, in the belief LC has a flaw?

Much appreciated,

Chris Mawer

MSN Messenger - fast, easy and FREE! http://messenger.msn.co.uk Received on Thu Feb 6 17:22:30 2003

This message: [ Message body ]
Next message: dave: "RE: L0phtCrack and Windows 2000 LM Hashes"
Previous message: Peter Snell: "RE: Customising user rights on win2k Pro"
Next in thread: dave: "RE: L0phtCrack and Windows 2000 LM Hashes"
Reply: dave: "RE: L0phtCrack and Windows 2000 LM Hashes"
Reply: Anders Thulin: "Re: L0phtCrack and Windows 2000 LM Hashes"
Reply: Pez Mohr: "Re: L0phtCrack and Windows 2000 LM Hashes"
Reply: Kimon Andreou: "Re: L0phtCrack and Windows 2000 LM Hashes"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:01:26 EDT