Language: English
Oct. 12, 13:30–14:20 (America/New_York), Track 2 (206a)
Abstract:
This talk will be a primer on Active Directory Password Storage, and password cracking methodologies for NTLM and NTLMv1. This talk will discuss reversing NTLMv1 to NTLM as well as inefficient but effective hashcat methodologies.
Outline:
Intro: Active Directory has a type of password storage, NTLM, which has multiple forms: NTLM, the MD4-based hash type, and the NTLMv1 and NTLMv2 challenge-response forms. This password storage technique can be cracked or, in the case of NTLMv1, reversed to NTLM. NTLM is also password equivalent. This talk will discuss the nuances of NTLM and cover password cracking techniques from a member of "Team Hashcat".
Technical terms and level setting: This portion of the talk will define NTLM and NTLMv1, explain how they are used, cover password equivalencies, and go over the basics of hashcat.
NTLMv1 reversion to NTLM and Silver Ticket: This portion of the talk will describe the technical details of the NTLMv1 challenge-response and the operation of Responder. It will demonstrate the reversion of NTLMv1 to NTLM and the generation of a silver ticket to compromise a DC. This talk will also discuss PEAP-MSCHAPv2, which is just NTLM (technically, a UTF-16LE encoded password hashed with MD4, but I digress).
Password cracking methodologies: This section will cover EvilMog's favorite password cracking methodologies.
Expander/Fingerprint - Expander.bin and -a1, the old-school method of hash cracking with hashcat
Cutb/Takeout Attack - usage of cutb, recreation of the rants by chort takeout attack
PRINCE & purple rain - demonstration of purple rain, generator and shuffle
generated2.rule/raking - discussion of raking, how to set up a rake, usage of -g, and how generated2.rule was created
hashcat blender - repo of scripts used to execute the above attacks
insane rules - omgwtfbbq.rule and superevil.rule, rules created for breaking in GPUs that are insane
Talk Type:
50 min talk
What you expect from attendees?:
I expect attendees to be familiar with hashcat, as this is not a hashcat 101 talk. I suspect most attendees will be familiar with Active Directory.
EvilMog is the Chief Architect of X-Force, a member of "Team Hashcat", Bishop of the "Church of Wifi", two-time Hacker Jeopardy black badge winner at DEFCON, two-time Hacker Jeopardy gold badge winner at THOTCON, a Special Effects Pyrotechnician, and adrenaline junkie. He has 2 decades of Cyber Security experience and way too many certifications.