Pantek Library
Hosting Provided By
CybrHost
High Speed Hosting
Mailing Lists: securityfocus.com > focus-ms > 03 > 020323.html (Request Expert securityfocus.com Support)

RE: L0phtCrack and Windows 2000 LM Hashes

From: Harris, Ken <KHarris(at)HIPUSA.com>
Date: Fri Feb 07 2003 - 11:36:51 EST


Chris:

Doesn't look like you have any worries; this is textbook behaviour. See here:

http://online.securityfocus.com/infocus/1554/

"If your password is 15 characters or longer, Windows stores the constant AAD3B435B51404EEAAD3B435B51404EE as your LM hash, which is equivalent to a null password. And since your password is obviously not null, attempts to crack that hash will fail."

-KH

-----Original Message-----
From: Chris Mawer [mailto:red_hantu@hotmail.com] Sent: Thursday, February 06, 2003 2:27 PM To: focus-ms@securityfocus.com; honeypots@securityfocus.com Subject: L0phtCrack and Windows 2000 LM Hashes

List,

My win2k box shows that three user-accounts on my windows 2000 machine report as being *empty*, <8 and 2 of the three share a NULL password LM Hash

Do you need help?X

of AAD3B435B51404EEAAD3B435B51404EE. The third hash is different and I do not wish to report it here for what id deem obvious reasons.

The three accounts include Administrator and two other users. The passwords are known and have been fed into a wordlist. Running LC3 repeats these results.

The Administrator account is most definitely not NULL, and the other two accounts are not guest users. Attempting login with null password is denied for all three accounts. LC3 is being run on the local machine.

  1. Should I treat the box as compromised? Highly unlikely as there are enough alarms in place
  2. Should I report my findings to @Stake, in the belief LC has a flaw?

Much appreciated,

Chris Mawer


MSN Messenger - fast, easy and FREE! http://messenger.msn.co.uk

This message is a PRIVILEGED AND CONFIDENTIAL communication, and is intended only for the individual(s) named herein or others specifically authorized to receive the communication. If you are not the intended recipient, you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited. If you have received this communication in error, please notify the sender of the error immediately, do not read or use the communication in any manner, destroy all copies, and delete it from your system if the communication was sent via email.
Received on Mon Feb 10 12:14:35 2003

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:01:26 EDT

Contact Us  Legal Notices  Order Services Online 
Pantek Home  Privacy Policy  IT news  Site Map  Pantek Library