Re: L0phtCrack and Windows 2000 LM Hashes

Chris Mawer wrote:

> My win2k box shows that three user-accounts on my windows 2000 machine

> The Administrator account is most definitely not NULL,

   Isn't the system simply configured not to store the LM hashes, but rather the NTLM hashes only? Is there a

        HKLM\SYSTEM\CurrentControlSet\Control\Lsa\NoLmHash

key set in the registry? That disables the storage of LM hashes -- and the best way to use it is to set passwords to something noone would use as passwords (say something prevented by password policy, like empty passwords, or very short ones), then disable LM hash storage by setting this key, and then set the new passwords. That would produce the situation you have, if I have understood it correctly.

> accounts are not guest users. Attempting login with null password is
> denied for all three accounts. LC3 is being run on the local machine.

Do you need help?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

   You don't say how you ran LC3 -- did you try to crack only the LM hash, or both?

-- 
Anders Thulin   anders.thulin@kiconsulting.se   040-661 50 63	
Ki Consulting AB, Box 85, SE-201 20 Malmö, Sweden