Topic: Pass-the-hash on other system is it possible?
d3l0n
« on: January 11, 2010, 01:27:47 PM »

Right now pass-the-hash attacks work against Windows systems and, to some extent, some web applications.

But what about other operating systems, e.g. Linux, Mac OS? Can they be attacked using a pass-the-hash attack? I know that there are no tools (that I am aware of) to do such attacks against systems such as Linux, yet. But at least in theory any system that uses single sign-on can be attacked via a pass-the-hash attack.

So is it safe and correct to say that pass-the-hash is possible/impossible in an environment where Linux/OS X is the only OS used?
timmedin
« Reply #1 on: January 12, 2010, 10:58:03 PM »

Pass-the-hash works because the hash is reused without modification and it is the sole piece used for authentication. This is the same reason that cookie and session hijacking work in web apps.

The attack is specific to the protocol and its authentication mechanism, NTLMv1 authentication. You won't be able to authenticate to a *nix ssh server or ftp server, but it will work against a samba server that supports NTLMv1 auth.

twitter.com/timmedin | http://blog.securitywhole.com
d3l0n
« Reply #2 on: January 14, 2010, 06:07:28 PM »

Thanks timmedin

> Pass-the-hash works because the hash is reused without modification and it is the sole piece used for authentication. This is the same reason that cookie and session hijacking work in web apps.

How can you get transparent access to the network without storing users' credentials somewhere? And without asking users to enter their passwords each time they want to access a resource on the network?

What will the modification do to the process?

> The attack is specific to the protocol and its authentication mechanism, NTLMv1 authentication. You won't be able to authenticate to a *nix ssh server or ftp server, but it will work against a samba server that supports NTLMv1 auth.

I'm not that familiar with Linux so please don't flame me if the question sounded silly.

If a company is working in a pure Linux environment, where users will pretty much be accessing shared folders to work on files, print files, etc., how will they be able to do it without being asked for their passwords each time they want to use a resource?

timmedin
« Reply #3 on: January 31, 2010, 08:20:05 PM »

> Thanks timmedin
>
> > Pass-the-hash works because the hash is reused without modification and it is the sole piece used for authentication. This is the same reason that cookie and session hijacking work in web apps.
>
> How can you get transparent access to the network without storing users' credentials somewhere? And without asking users to enter their passwords each time they want to access a resource on the network?
>
> What will the modification do to the process?

The problem with pass-the-hash is that the token used for authentication doesn't use a nonce, a one-time bit of randomness so it can't be used again.

> > The attack is specific to the protocol and its authentication mechanism, NTLMv1 authentication. You won't be able to authenticate to a *nix ssh server or ftp server, but it will work against a samba server that supports NTLMv1 auth.
>
> I'm not that familiar with Linux so please don't flame me if the question sounded silly.
>
> If a company is working in a pure Linux environment, where users will pretty much be accessing shared folders to work on files, print files, etc., how will they be able to do it without being asked for their passwords each time they want to use a resource?

You can use Kerberos to take care of it. The configuration will depend on what authentication provider you use.

twitter.com/timmedin | http://blog.securitywhole.com
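
An added example, not written by any poster in this thread: a toy login model showing the point from Reply #1 (the stored hash is the sole piece needed to authenticate) and what a per-login nonce, as raised in Reply #3, does and does not change. SHA-256/HMAC stand in for a real protocol's primitives, and the class, function names and sample password are all hypothetical.

```python
import hashlib
import hmac
import os

# Toy model: SHA-256/HMAC stand in for a real protocol's primitives and
# every name here is hypothetical. The password is a constructed sample.

def password_hash(password: str) -> bytes:
    """Unsalted password hash: the value a server stores and a client caches."""
    return hashlib.sha256(password.encode()).digest()

def respond(pw_hash: bytes, challenge: bytes) -> bytes:
    """Challenge response keyed by the hash; the password is never needed."""
    return hmac.new(pw_hash, challenge, hashlib.sha256).digest()

class Server:
    def __init__(self) -> None:
        self.hashes: dict[str, bytes] = {}

    def enroll(self, user: str, password: str) -> None:
        self.hashes[user] = password_hash(password)

    def verify_static(self, user: str, token: bytes) -> bool:
        """No nonce: the hash itself is presented, like a session cookie."""
        return hmac.compare_digest(self.hashes[user], token)

    def verify_response(self, user: str, challenge: bytes, resp: bytes) -> bool:
        """Per-login nonce: the response is only valid for this challenge."""
        return hmac.compare_digest(respond(self.hashes[user], challenge), resp)

def run_demo() -> dict[str, bool]:
    server = Server()
    server.enroll("alice", "constructed-sample-password")
    cached = password_hash("constructed-sample-password")  # client-side cache
    c1 = os.urandom(16)          # server-issued nonce for the first login
    r1 = respond(cached, c1)     # legitimate response, observed in transit
    c2 = os.urandom(16)          # a later login gets a fresh nonce

    return {
        "static_token_replayed": server.verify_static("alice", cached),
        "legitimate_login": server.verify_response("alice", c1, r1),
        "old_response_replayed": server.verify_response("alice", c2, r1),
        # Whoever holds the cached hash can answer any fresh challenge.
        "hash_only_login": server.verify_response("alice", c2, respond(cached, c2)),
    }

if __name__ == "__main__":
    for name, ok in run_demo().items():
        print(f"{name}: {ok}")
```

In this model the nonce stops replay of a captured response, but the cached hash still works as the key, so it needs the same protection as the password itself.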