Cachedump is great for retrieving the cached Active Directory credentials from XP machines. With BigPatch for John the Ripper, these hashes can be broken through dictionary and incremental cracking. However, I'm wondering if anyone has been able to put Rainbowcrack to work on these types of hashes.

cachedump & bigpatch: http://www.off-by-one.net/misc/cachedump.html

Information on the hashing process used on Active Directory credentials is at: http://www.securiteam.com/tools/5JP0I2KFPA.html

Your help is very much appreciated! It doesn't look like anyone has published this vector before, so cachedump+rainbowcrack is new territory.

Thanks,
kidmystic

Hi,

AFAIK, the problem with using rainbowtables for cracking kerberos hashes is that kerberos uses a salt value to hash the password. This means that for every one password, there are now 4096 possible different hashes. This means that for a dictionary or brute force attack, you will need to hash each password 4096 times based upon a further brute force of the 12-bit salt value.

That isn't much of a problem for cracking techniques that create hashes 'on the fly' like dictionary/brute force; it will just slow it down slightly. For a system that pre-computes the hashes, like rainbow tables, the size of that table will now be 4096 times bigger! I have 47GB of LM hashing tables! The kerberos hashing algorithm is much more complex and will require a much bigger set of tables, then multiply that by 4096!!! It really makes the use of rainbow tables ineffective.

But that is only my current knowledge; if someone knows something different, please let us know.

l8r,
xatar.

So, if the password hash is salted with the unicode username, you could theoretically create rainbow tables based off that one username?

If that is the case, then there would no longer be any improvement over brute force attacking, correct?

This quote was taken from http://www.faqs.org/faqs/kerberos-fa...ection-25.html
Quote:

In theory... Yes! You could create a rainbowtable based upon the salt value of the username@domain.com, but I don't know how to rewrite the rtgen code to do that! You are right, there would be no advantage over brute force or wordlist attacks. Well, it would be faster to crack the password, but you would have to spend a week creating the tables first!! But I like the way you think; that's the best skill a "hacker"/"penetration tester" can have!

l8r,
xatar.

Right now I am learning more about password auditing. Xatar, can you let me know whether the following is correct. I think I have three options:

1) dictionary attack
2) brute force attack
3) rainbowtable attack

If I understand correctly, in option 3 you calculate the hashes in advance. So in principle you reach the effectiveness of a brute force and the efficiency of a dictionary attack. I read that the rainbowtable attack is not useful when the hash uses a SALT value. I wonder whether this is true? See my thoughts below.

hash (password + SALT)

Let's say I have username 'admin' and password '12345'. Which value does the hash function use for the SALT? Would that be the value of the username, namely 'admin'? Let's assume that the HASH calculates the following HASH VALUES for the two separate values: for the username 'admin' the HASH is xxxxx, and for the password '12345' the HASH is yyyyy. If you calculate the hash for both values together, would the HASH output be the same as above? In fact, would the HASH value result in:

HASH (password + SALT) = HASH (12345 + admin) = yyyyyxxxxx

If that were true, you could create a rainbowtable based on generated random passwords and a variable you know, the username 'admin'. Of course, as soon as the username is different in another audit, the generated rainbowtable would be useless and a brute force would have the same effect. But if you use a commonly used username, let's say 'administrator' or 'admin', the rainbowtable attack can be useful and save some time.

@Xatar: are my conclusions correct or am I going wrong somewhere?

Thanks for your reply.

Regards,
Macamba

The salt should be a pseudo-random 12-bit number. This means that if you create a rainbow table based on one 12-bit salt, it's useless for any other salt value and therefore username.

So we are really limited to brute force and dictionary attacks, where every attempted password string is then hashed along with every 12-bit salt value. It slows it down slightly, but it still works.
__________________
Xatar (000xatar000)
Give a man a fire, and he'll be warm for a day. Set the man on fire, and he'll be warm for the rest of his life. They did give a million monkeys a million typewriters; it's called the internet.
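The point made across this thread (a salt multiplies the precomputation a rainbow table must store, and a table built for one salt is useless for any other) as an added, runnable illustration that is not part of any post above. It uses the thread's model of a 12-bit salt and SHA-256 as a stand-in for the real cached-credential hash; the candidate list, the salt values and the table-building functions are constructed for this example.

```python
import hashlib

SALT_BITS = 12                  # the thread's model: a 12-bit salt, 4096 values
SALT_SPACE = 1 << SALT_BITS

# Constructed candidate list standing in for a dictionary or brute-force keyspace.
CANDIDATES = ["12345", "password", "letmein", "admin1", "qwerty"]


def salted_hash(password: str, salt: int) -> str:
    """hash(password + SALT) as sketched in the thread. SHA-256 is a stand-in;
    the real cached-credential algorithm is not reproduced here."""
    data = password.encode("utf-8") + salt.to_bytes(2, "big")
    return hashlib.sha256(data).hexdigest()


def build_table_for_salt(candidates, salt: int) -> dict:
    """Precomputed table for ONE known salt (Macamba's 'table for admin' idea)."""
    return {salted_hash(p, salt): p for p in candidates}


def build_table_all_salts(candidates) -> dict:
    """Precomputed table covering every salt: one entry per (password, salt) pair,
    i.e. SALT_SPACE times larger than an unsalted table of the same candidates."""
    return {salted_hash(p, s): (p, s) for p in candidates for s in range(SALT_SPACE)}


def lookup(table: dict, target_hash: str):
    """Rainbow-table style use: the hash is the key, nothing is hashed at crack time."""
    return table.get(target_hash)


def crack_on_the_fly(target_hash: str, candidates):
    """Dictionary attack with the salt unknown: each candidate is hashed under every
    salt. Returns (password, salt, hashes_computed), or (None, None, work) on miss."""
    work = 0
    for p in candidates:
        for s in range(SALT_SPACE):
            work += 1
            if salted_hash(p, s) == target_hash:
                return p, s, work
    return None, None, work


if __name__ == "__main__":
    target = salted_hash("12345", 0x2A3)   # constructed: password '12345', salt 0x2A3
    print(lookup(build_table_for_salt(CANDIDATES, 0x2A3), target))   # '12345'
    print(lookup(build_table_for_salt(CANDIDATES, 0x2A4), target))   # None: wrong salt
    print(len(build_table_all_salts(CANDIDATES)) // len(CANDIDATES))  # 4096
    print(crack_on_the_fly(target, CANDIDATES))                      # ('12345', 675, 676)
```

The single-salt table finds the password only when its salt matches the target's, while the all-salt table is 4096 times the size of an unsalted one for the same candidates, which is the cost xatar describes.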