
Pass-the-hash on other system is it possible?


d3l0n

Jr. Member

Posts: 59

Joined: Sat Dec 27, 2008 6:48 pm

Post Mon Jan 11, 2010 2:27 pm

Pass-the-hash on other system is it possible?

Right now pass-the-hash attacks work against Windows systems and, to some extent, some web applications.

But what about other OS systems, e.g. Linux, Mac OS? Can they be attacked using a pass-the-hash attack? I know that there are no tools (that I am aware of) to do such attacks against systems such as Linux, yet. But at least in theory any system that uses single sign-on can be attacked via a pass-the-hash attack.

So is it safe and correct to say that pass-the-hash is possible/impossible in an environment where Linux/OS X is the only OS used?

timmedin

Sr. Member

Posts: 469

Joined: Thu Feb 05, 2009 11:18 pm

Post Tue Jan 12, 2010 11:58 pm

Re: Pass-the-hash on other system is it possible?

Pass-the-hash works because the hash is reused without modification and it is the sole piece used for authentication. This is the same reason that cookie and session hijacking work in web apps.

The attack is specific to the protocol and its authentication mechanism, NTLMv1 authentication. You won't be able to authenticate to a *nix ssh server or ftp server, but it will work against a samba server that supports NTLMv1 auth.
twitter.com/timmedin | http://blog.securitywhole.com
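
A simplified model of the distinction drawn in the post above, added here as an example and not part of the original thread: where the stored hash is itself the key to the exchange, whoever holds it authenticates, while a server that hashes the submitted password rejects it. SHA-256, HMAC and PBKDF2 stand in for the real primitives, and all class and function names are hypothetical.

```python
import hashlib
import hmac
import os

def stored_hash(password: str) -> bytes:
    # What the server keeps on disk. SHA-256 is a stand-in for the NT hash.
    return hashlib.sha256(password.encode()).digest()

def respond(key_hash: bytes, challenge: bytes) -> bytes:
    # Client side of the challenge-response: keyed by the hash, not the password.
    return hmac.new(key_hash, challenge, hashlib.sha256).digest()

class ChallengeResponseServer:
    """NTLM-style model: the stored hash is itself the authentication key."""
    def __init__(self, password: str):
        self.db_hash = stored_hash(password)

    def challenge(self) -> bytes:
        return os.urandom(16)

    def verify(self, challenge: bytes, response: bytes) -> bool:
        return hmac.compare_digest(respond(self.db_hash, challenge), response)

class PasswordSubmitServer:
    """ssh/ftp password-login model: the server hashes whatever is submitted."""
    def __init__(self, password: str):
        self.salt = os.urandom(16)
        self.db_hash = self._kdf(password.encode())

    def _kdf(self, secret: bytes) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", secret, self.salt, 100_000)

    def verify(self, submitted: bytes) -> bool:
        return hmac.compare_digest(self._kdf(submitted), self.db_hash)

def demo() -> dict:
    password = "constructed-sample-password"  # constructed value
    cr, ps = ChallengeResponseServer(password), PasswordSubmitServer(password)
    copied = cr.db_hash  # models a hash read out of the credential store
    c = cr.challenge()
    return {
        "hash_vs_challenge_response": cr.verify(c, respond(copied, c)),
        "hash_vs_password_submit": ps.verify(copied) or ps.verify(ps.db_hash),
        "password_vs_password_submit": ps.verify(password.encode()),
    }

if __name__ == "__main__":
    for name, accepted in demo().items():
        print(f"{name}: {'accepted' if accepted else 'rejected'}")
```

For defenders, the first result is why a credential store for such a protocol has to be protected as if it held the passwords themselves.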

d3l0n

Jr. Member

Posts: 59

Joined: Sat Dec 27, 2008 6:48 pm

Post Thu Jan 14, 2010 7:07 pm

Re: Pass-the-hash on other system is it possible?

Thanks timmedin

timmedin wrote:
Pass-the-hash works because the hash is reused without modification and it is the sole piece used for authentication. This is the same reason that cookie and session hijacking work in web apps.


How can you get transparent access to the network without storing users' credentials somewhere? And without asking users to enter their passwords each time they want to access a resource on the network?

What will the modification do to the process?

timmedin wrote:
The attack is specific to the protocol and its authentication mechanism, NTLMv1 authentication. You won't be able to authenticate to a *nix ssh server or ftp server, but it will work against a samba server that supports NTLMv1 auth.


I'm not that familiar with Linux so please don't flame me if the question sounded silly.

If a company is working in a pure Linux environment, where users will pretty much be accessing shared folders to work on files, print files, etc., how will they be able to do it without being asked for their passwords each time they want to use a resource?

timmedin

Sr. Member

Posts: 469

Joined: Thu Feb 05, 2009 11:18 pm

Post Sun Jan 31, 2010 9:20 pm

Re: Pass-the-hash on other system is it possible?

d3l0n wrote:
Thanks timmedin

timmedin wrote:
Pass-the-hash works because the hash is reused without modification and it is the sole piece used for authentication. This is the same reason that cookie and session hijacking work in web apps.


How can you get transparent access to the network without storing users' credentials somewhere? And without asking users to enter their passwords each time they want to access a resource on the network?

What will the modification do to the process?


The problem with pass-the-hash is that the token used for authentication doesn't use a nonce, a one-time bit of randomness so it can't be used again.

d3l0n wrote:
timmedin wrote:
The attack is specific to the protocol and its authentication mechanism, NTLMv1 authentication. You won't be able to authenticate to a *nix ssh server or ftp server, but it will work against a samba server that supports NTLMv1 auth.


I'm not that familiar with Linux so please don't flame me if the question sounded silly.

If a company is working in a pure Linux environment, where users will pretty much be accessing shared folders to work on files, print files, etc., how will they be able to do it without being asked for their passwords each time they want to use a resource?


You can use Kerberos to take care of it. The configuration will depend on what authentication provider you use.
twitter.com/timmedin | http://blog.securitywhole.com
