January 24, 2012 at 8:19 am #7271
I have read that Windows 2003 Server supports LM authentication for backward compatibility with older Windows machines. In my lab setup, I have Windows 2003 Server, BackTrack r4, Windows 98 and Windows XP. Now the communication is genuine between the 2003 server and Windows XP, but I need to redirect 2003 authentication to Windows 98 so that passwords are sent as LM hashes rather than NTLM. This is hypothetical at this point. Before actually doing this setup, I just need to know: am I thinking in the right direction? Can I sniff LM hashes this way?
January 24, 2012 at 10:14 am #45505 Anonymous (Participant)
What are you trying to do? Why are you trying to sniff the hashes? Would you not be better off just attacking the machine directly and then dumping the hashes for cracking?
January 24, 2012 at 2:27 pm #45506 Triban (Participant)
Agree with Jamie; if you find a Windows 98 system still in a production environment there are many things you can do to it that are probably much easier than having to dump hashes. Shoot, if password caching is enabled, I think Win98 stores them in plaintext.
Your average environment will be Windows 2003 and Windows XP SP2/SP3. You will also see more Windows 2008 boxes. What you should also try to add to the lab is a Windows 7 system. Eventually enterprises will have to move to it, and many are gearing up for that move. They will either do physical migrations or possibly use VDI solutions so they can maintain their legacy apps on XP.
January 25, 2012 at 7:10 am #45507
Sorry, I think I wasn't able to explain properly. I don't have any Win98 in my environment. See my assumptions (based on my research):
1) Windows 2003 Server and Windows XP are genuine machines that need to perform authentication (most likely NTLM).
2) I introduce Windows 98 in between as a MITM.
3) Now, when Win2003 needs to perform authentication with Windows XP like this, I want to redirect the traffic to Windows 98 so that authentication is now forced to LM, so that I can sniff the passwords.
I hope it's clear; kindly suggest now.
January 25, 2012 at 2:33 pm #45508 cd1zz (Participant)
Is this in your own lab? Are you just trying to sniff LM passwords? If so, why don’t you just change the box to allow LM hashes? http://technet.microsoft.com/en-us/library/cc738867(WS.10).aspx
If you’re practicing port forwarding, just use something like this: http://www.quantumg.net/portforward.php
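Added example, not written by anyone in this thread: a PowerShell check of the registry values behind the "LAN Manager authentication level" policy cd1zz links to, so an administrator can tell whether a host would still send LM responses on the wire or store LM hashes locally. It assumes it is run on the Windows host being audited; the registry path and the LmCompatibilityLevel and NoLMHash value names are the real ones, and the level meanings follow Microsoft's documentation for that policy.

```powershell
function Test-LmAuthSetting {
    # Real registry location of the LAN Manager authentication level policy.
    $lsa = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'

    # Documented meaning of each LmCompatibilityLevel value.
    $levels = @{
        0 = 'Send LM & NTLM responses'
        1 = 'Send LM & NTLM; use NTLMv2 session security if negotiated'
        2 = 'Send NTLM response only'
        3 = 'Send NTLMv2 response only'
        4 = 'Send NTLMv2 response only; domain controllers refuse LM'
        5 = 'Send NTLMv2 response only; domain controllers refuse LM and NTLM'
    }

    $props = Get-ItemProperty -Path $lsa -ErrorAction Stop
    $level = $props.LmCompatibilityLevel   # $null when the value has never been set
    $noLm  = $props.NoLMHash               # 1 = do not store LM hashes of new passwords

    if ($null -ne $level) {
        $meaning = $levels[[int]$level]
    } else {
        $meaning = 'Not set; the OS default for this Windows version applies'
    }

    $result = [pscustomobject]@{
        LmCompatibilityLevel = $level
        Meaning              = $meaning
        SendsLmResponse      = ($null -ne $level -and $level -le 1)
        StoresLmHash         = ($noLm -ne 1)
    }

    # Flag the two conditions that keep LM material alive on this host.
    if ($result.SendsLmResponse) {
        Write-Warning "Level $level still sends LM responses; set LmCompatibilityLevel to 3 or higher."
    }
    if ($result.StoresLmHash) {
        Write-Warning 'NoLMHash is not 1; LM hashes of passwords shorter than 15 characters may be stored.'
    }
    return $result
}

Test-LmAuthSetting | Format-List
```

Run it in an elevated session on a lab host before and after changing the policy to see the effect of the setting the linked article describes.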
January 26, 2012 at 6:37 am #45509
Port redirection is for the MITM machine. What I am thinking is, the machine in between should redirect the traffic to another malicious machine. The link you forwarded will redirect from the destination, not from the MITM machine. Kindly correct me if I am wrong.
And yes, this is for my lab setup.