RE: L0phtCrack and Windows 2000 LM Hashes
I would report it to @stake. I have heard of something like this before
with l0phtcrack. It couldn't hurt to report it. Who knows, maybe they
already know of something like this and are planning to fix it in the
next release.
Tyran
-----Original Message-----
From: Chris Mawer [mailto:red_hantu@hotmail.com]
Sent: Thursday, February 06, 2003 2:27 PM
To: focus-ms@securityfocus.com; honeypots@securityfocus.com
Subject: L0phtCrack and Windows 2000 LM Hashes
List,
My win2k box shows that three user-accounts on my Windows 2000 machine
report as being *empty*, <8 and 2 of the three share a NULL password LM
Hash of AAD3B435B51404EEAAD3B435B51404EE. The third hash is different and
I do not wish to report it here for what I'd deem obvious reasons.
The three accounts include Administrator and two other users. The
passwords are known and have been fed into a wordlist. Running LC3
repeats these results.
The Administrator account is most definitely not NULL, and the other two
accounts are not guest users. Attempting login with null password is
denied for all three accounts. LC3 is being run on the local machine.
- Should I treat the box as compromised? Highly unlikely as there are
enough alarms in place
- Should I report my findings to @Stake, in the belief LC has a flaw?
Much appreciated,
Chris Mawer
Received on Fri Feb 7 11:30:24 2003