[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

windows 2003 domain password file

Posted on 2011-10-29
7
Medium Priority
?
544 Views
Last Modified: 2012-05-12
If an attacker was able to gain a copy of the windows 2003 domain password file (Kerberos), how hard is it crack/decrypt passwords from that file? Its my understanding those are encrypted via one-way hash. Anyone have any insight they can share regarding the level of complexity involved decrypting windows password files??
0
Comment
Question by:DEFclub
  • 4
  • 2
7 Comments
 
LVL 14

Expert Comment

by:setasoujiro
ID: 37050719
If an attacker would capture a Hashed password in some way, he could use this HASH to gain access to the system in various ways.
Windows will allow the Hash to be used as wel as the password itself.
For example, metasploit has various exploits for SMB that can use the HASH as well as a PASSWORD
0
 
LVL 14

Expert Comment

by:setasoujiro
ID: 37050721
Also these hashes are not 1-way and could be cracked using rainbow-tables
0
 
LVL 37

Expert Comment

by:Neil Russell
ID: 37050958
When 2003 was released it was reasonably secure BUT with todays computing power and advances in decryption, the average hacker could have access to your system in a very very short time.

Hence the advice I give out time and time again....

DO NOT USE YOUR DC FOR ANYTHING EXCEPT A DC. DO NOT HAVE SHARES ON YOUR DC. DO NOT INSTALL APPS ON YOUR DC FOR USERS.
0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 

Author Comment

by:DEFclub
ID: 37050969
I do use my DC as DC, DNS and some DHCP only. Someone got ahold of my password file. Not sure if it ws an inside job, but I did have a social engineering attack where an attacker may have gained access to a couple users passwords; these were just users with no admin rights, but even so, how would they be able to get access to the windows password file?
0
 
LVL 14

Expert Comment

by:setasoujiro
ID: 37071687
There are various ways to get the password hashes/files.
If someone was to gain access to a user's pc/account they could easily sniff your network for hashes flying by (SMB etc...)

Or they could just use an exploit on your server and dump the entire password database (the hashes)
and then crack the hashes/ use them to authenticate.
0
 
LVL 14

Accepted Solution

by:
setasoujiro earned 2000 total points
ID: 37071699
Also make sure your server is fully patched.
0
 

Author Closing Comment

by:DEFclub
ID: 37072372
thxs
0

Featured Post

Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Considering today’s continual security threats, which affect Information technology networks and systems worldwide, it is very important to practice basic security awareness. A normal system user can secure himself or herself by following these simp…
Tech spooks aren't just for those who are tech savvy, it also happens to those of us running a business. Check out the top tech spooks for business owners.
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …
Suggested Courses

873 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question