Date posted: 28-Jul-2015
KERBEROS, NTLM AND LM-HASH
By: Ankit Mehta
CONTENTS
Kerberos: Working of Kerberos, Kerberos Version 5
LM-Hash: LM-Hash Mechanism, LM-Hash Weaknesses
NTLM: NTLM Situations, NTLM Authentication Messages, NTLM Authentication Steps, NTLM Vulnerabilities
KERBEROS
Kerberos is named after the three-headed dog that guards the gates of Hades in Greek mythology.
Developed at MIT to protect network services provided by Project Athena.
Uses symmetric-key cryptography.
Needs a trusted third party.
Steve Miller and Clifford Neuman were the designers of Kerberos Version 4.
Current version of Kerberos is Version 5.
WORKING OF KERBEROS
There are four parties involved:
1. The client (say A)
2. The Authentication Server (say AS)
3. The Ticket Granting Server (say TGS)
4. The server (say B)
STEP 1: LOGIN
[Diagram, AS and A. Labels: Session Key (KS), TGT, Encrypt, KS + TGT, Output; keys shown: symmetric key derived from A’s password (KA), symmetric key shared with the Ticket Granting Server (TGS).]
STEP 2: OBTAINING A SERVICE GRANTING TICKET (SGT)
[Diagram, request for SGT between A and TGS. Labels: Session Key (KS), Timestamp, Encrypt, Encrypted Timestamp (ET), TGT, B, KAB, Output (Request for SGT).]
[Diagram, output between TGS and A. Labels: A, KAB, Encrypt; B, KAB, Encrypt; Session Key (KS), B’s Secret Key, Output.]
STEP 3: USER CONTACTS ‘B’ FOR ACCESSING THE SERVER
[Diagram, output between A and B. Labels: Secret Key to be shared by ‘A’ and ‘B’ (KAB), Timestamp, Encrypt, Encrypted Timestamp (ET), (‘A’ + KAB) encrypted with ‘B’s secret key, Output. Note on the diagram: ‘A’ received this combination from the previous step.]
[Diagram, acknowledgement between A and B. Labels: Secret Key to be shared by ‘A’ and ‘B’ (KAB), Timestamp sent initially by Alice + 1, Encrypt, Encrypted Timestamp (ET).]
KERBEROS VERSION 5
There are 3 new ticket types in Kerberos version 5 which were not there in version 4. They are as follows:
1. Forwardable
2. Renewable
3. Postdatable
LM-HASH
LAN Manager hash is a compromised password hashing function that was the primary hash that Microsoft LAN Manager and Microsoft Windows versions prior to Windows NT used to store user passwords.
Support for the legacy LAN Manager protocol continued in later versions of Windows for backward compatibility.
Since Windows Vista, the protocol is disabled by default.
LM-HASH MECHANISM
The user's password is restricted to a maximum of fourteen characters.
The user’s password is converted to uppercase.
The user's password is encoded in the System OEM Code page.
This password is null-padded to 14 bytes.
The “fixed-length” password is split into two seven-byte halves.
These values are used to create two DES keys, one from each 7-byte half, by converting the seven bytes into a bit stream with the most significant bit first, and inserting a null bit after every seven bits (so 1010100 becomes 10101000).
This generates the 64 bits needed for a DES key.
Each of the two keys is used to DES-encrypt the constant ASCII string “KGS!@#$%”, resulting in two 8-byte cipher text values.
These two cipher text values are concatenated to form a 16-byte value, which is the LM hash.
[Diagram: the password Seattle1 becomes the two halves SEATTLE and 1******; each half is the Key for a DES encryption of the Constant, and the two results are concatenated to form the LM Hash.]
LM-HASH WEAKNESSES
Passwords are limited to a maximum of only 14 characters, giving a theoretical maximum keyspace of $95^{14} \approx 2^{92}$ with the 95 ASCII printable characters.
Passwords longer than 7 characters are divided into two pieces and each piece is hashed separately.
By mounting a brute force attack on each half separately, modern desktop machines can crack alphanumeric LM hashes in a few hours.
All lower case letters in the password are changed to upper case before the password is hashed, which further reduces the key space for each half to $69^{7} \approx 2^{43}$.
Any password that is shorter than 8 characters will result in the hashing of 7 null bytes, yielding the constant value of 0xAAD3B435B51404EE, hence making it easy to identify short passwords on sight.
Many cracking tools, e.g. RainbowCrack, L0phtCrack and Cain, now incorporate similar attacks and make cracking of LM hashes fast and trivial.
LM-Hash values only change when a user changes his password.
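The steps under LM-HASH MECHANISM up to the DES key, and the checks that follow from LM-HASH WEAKNESSES, as an added example that is not part of the original slides. The function names are hypothetical, cp437 is assumed as the OEM code page, the DES encryption itself is left out, and the sample hash in the comment is constructed.

```python
import math

# Constant quoted on the page: the LM value produced by a half of 7 null bytes.
LM_EMPTY_HALF = "aad3b435b51404ee"

def lm_halves(password: str):
    """Upper-case, OEM-encode, null-pad to 14 bytes, split into two 7-byte halves."""
    raw = password.upper().encode("cp437")  # assumption: cp437 is the OEM code page
    if len(raw) > 14:
        raise ValueError("LM cannot represent more than 14 characters")
    raw = raw.ljust(14, b"\x00")
    return raw[:7], raw[7:]

def des_key(half: bytes) -> bytes:
    """Turn 7 bytes into a 64-bit DES key: 7 bits (MSB first), then a null bit."""
    if len(half) != 7:
        raise ValueError("expected a 7-byte half")
    stream = int.from_bytes(half, "big")  # the 56-bit stream
    return bytes(((stream >> (49 - 7 * i)) & 0x7F) << 1 for i in range(8))

def keyspace_bits(alphabet: int, length: int) -> int:
    """Size of the search space in bits, rounded as on the slides."""
    return round(length * math.log2(alphabet))

def audit_lm_hash(lm_hex: str) -> str:
    """Classify a stored LM hash by looking for the empty-half constant."""
    h = lm_hex.strip().lower()
    if len(h) != 32 or any(c not in "0123456789abcdef" for c in h):
        raise ValueError("expected 32 hex characters")
    first, second = h[:16], h[16:]
    if first == LM_EMPTY_HALF and second == LM_EMPTY_HALF:
        return "both halves empty"
    if second == LM_EMPTY_HALF:
        return "password is 7 characters or fewer"
    return "password is 8 to 14 characters"

# Constructed sample, not a real account hash:
#   audit_lm_hash("0123456789abcdef" + LM_EMPTY_HALF)
```

Running `audit_lm_hash` over an export of stored hashes gives a quick list of accounts whose LM value already reveals the password length class.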
NTLM
NTLM is a suite of authentication and session security protocols used in various Microsoft network protocol implementations and supported by the NTLM Security Support Provider.
NTLM is also used throughout Microsoft's systems as an integrated single sign-on mechanism.
It is recognized as part of the "Integrated Windows Authentication" stack for HTTP authentication.
It is also used in Microsoft implementations of SMTP, POP3, IMAP (all part of Exchange), CIFS/SMB, Telnet, SIP, and possibly others.
The NTLM Security Support Provider provides authentication, integrity, and confidentiality services within the Windows Security Support Provider Interface (SSPI) framework.
The SSPI specifies, and the NTLMSSP implements, the following core operations:
Authentication -- NTLM provides a challenge-response authentication mechanism.
Signing -- The NTLMSSP provides a means of applying a digital "signature" to a message.
Sealing -- The NTLMSSP implements a symmetric-key encryption mechanism, which provides message confidentiality.
[Diagram labels: Seattle1, MD4, unicodePwd.]
NTLM SITUATIONS
The client is authenticating to a server using an IP address
The client is authenticating to a server that belongs to a different Active Directory forest that has a legacy NTLM trust instead of a transitive inter-forest trust
The client is authenticating to a server that doesn't belong to a domain
No Active Directory domain exists (commonly referred to as "workgroup" or "peer-to-peer")
Where a firewall would otherwise restrict the ports required by Kerberos (typically TCP 88)
NTLM AUTHENTICATION MESSAGES
NTLM authentication is a challenge-response scheme, consisting of three messages:
1. Type 1 (negotiation)
2. Type 2 (challenge)
3. Type 3 (authentication)
NTLM AUTHENTICATION STEPS
1. The first step provides the user's NTLM credentials and occurs only as part of the authentication (logon) process.
2. A user accesses a client computer and provides a domain name, user name, and password. The client computes a cryptographic hash of the password and discards the actual password.
3. The client sends the user name to the server (in plaintext).
4. The server generates a 16-byte random number, called a challenge or nonce, and sends it to the client.
5. The client encrypts this challenge with the hash of the user's password and returns the result to the server. This is called the response.
6. The server sends the following three items to the domain controller:
User name
Challenge sent to the client
Response received from the client
7. The domain controller uses the user name to retrieve the hash of the user's password from the Security Account Manager database. It uses this password hash to encrypt the challenge.
8. The domain controller compares the encrypted challenge it computed (in step 6) to the response computed by the client (in step 4). If they are identical, authentication is successful.
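The challenge-response exchange in the steps above, as an added example that is not part of the original slides. It shows that the password hash is the only secret the exchange ever uses, so stored hashes need the same protection as passwords. SHA-256 and HMAC stand in for the MD4 hash and the "encrypt the challenge" operation; the class names, function names and the account are hypothetical.

```python
import hashlib
import hmac
import secrets

def password_hash(password: str) -> bytes:
    # Stand-in (assumption) for the MD4-based hash shown on the slides.
    return hashlib.sha256(password.encode("utf-16-le")).digest()

def response_for(challenge: bytes, pw_hash: bytes) -> bytes:
    # Stand-in (assumption) for "encrypt the challenge with the password hash".
    return hmac.new(pw_hash, challenge, hashlib.sha256).digest()

class DomainController:
    def __init__(self, accounts):
        # Plays the role of the Security Account Manager database: hashes only.
        self._sam = {user: password_hash(pw) for user, pw in accounts.items()}

    def verify(self, user, challenge, response):
        stored = self._sam.get(user)
        if stored is None:
            return False
        # Recompute the response from the stored hash and compare in constant time.
        return hmac.compare_digest(response_for(challenge, stored), response)

class Server:
    def __init__(self, dc):
        self._dc = dc
        self._pending = {}

    def challenge(self, user):
        nonce = secrets.token_bytes(16)  # 16-byte random challenge, as in step 4
        self._pending[user] = nonce
        return nonce

    def authenticate(self, user, response):
        # Each challenge is single use, so a captured response cannot be replayed.
        nonce = self._pending.pop(user, None)
        return nonce is not None and self._dc.verify(user, nonce, response)

def logon(server, user, pw_hash):
    """Client side: the password was discarded in step 2; only the hash is used."""
    nonce = server.challenge(user)
    return server.authenticate(user, response_for(nonce, pw_hash))
```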
NTLM VULNERABILITIES
NTLM remains vulnerable to the “pass the hash” attack, which is a variant on the “reflection attack”.
“Metasploit” can be used in many cases to obtain credentials from one machine which can be used to gain control of another machine.
The “Squirtle toolkit” can be used to leverage web site “cross-site scripting” attacks into attacks on nearby assets via NTLM.
One of the attacks is the ability to predict pseudo-random numbers and challenges/responses generated by the protocol.