LM, NTLM and Net-NTLMv2: Understanding and Cracking the Hashes

Author: admin  Category: Password cracking  Published: 2020-04-01 17:07

LM 

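LM hashes have been disabled by default since Windows Vista / Server 2008, but they can still be encountered on older versions. For backward compatibility, Windows allows them to be enabled through Group Policy (https://support.microsoft.com/en-us/help/299656/how-to-prevent-windows-from-storing-a-lan-manager-hash-of-your-passwor).

Hashing process: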

299BD128C1101FD6

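1. Convert all lowercase letters to uppercase.
2. Pad the password to 14 characters with NULL characters.
3. Split the password into two 7-character chunks.
4. Create two DES keys, one from each 7-character chunk.
5. DES-encrypt the string "KGS!@#$%" with these two keys.
6. Concatenate the two DES-encrypted strings.

Cracking the hash: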

john --format=lm hash.txt

hashcat -m 3000 -a 3 hash.txt

NThash

NTLM is how passwords are stored on current Windows systems; the hash can be obtained by dumping the SAM database or by using Mimikatz.

Hashing process:

B4B9B02E6F09A9BD760F388B67351E2B

MD4(UTF-16-LE(your-password))

Cracking the hash:

john --format=nt hash.txt

hashcat -m 1000 -a 3 hash.txt

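NTLMv1

The NTLM protocol uses the NT hash in a challenge/response exchange between the server and the client. Version 1 of the protocol uses both the NT and LM hashes, depending on the configuration and on what is available.

Hashing process: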

u4-netntlm::kNS:338d08f8e26de93300000000000000000000000000000000:9526fb8c23a90751cdd619b6cea564742e1e4bf33006ba41:cb8086049ec4736c

C = 8-byte server challenge, random

K1 | K2 | K3 = LM/NT-hash | 5-bytes-0

response = DES(K1,C) | DES(K2,C) | DES(K3,C)

Cracking the hash:

john --format=netntlm hash.txt

hashcat -m 5500 -a 3 hash.txt

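NTLMv2

This is the newer, improved version of the NTLM protocol, which makes it much harder to crack. The concept is the same as NTLMv1; only the algorithm and the response sent to the server differ. It has been the default in Windows since Windows 2000.

Hashing process: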

admin::N46iSNekpT:08ca45b7d7ea58ee:88dcbe4446168966a153a0064958dac6:5c7830315c7830310000000000000b45c67103d07d7b95acd12ffa11230e0000000052920b85f78d013c31cdb3b92f5d765c783030

SC = 8-byte server challenge, random

CC = 8-byte client challenge, random

CC* = (X, time, CC2, domain name)

v2-Hash = HMAC-MD5(NT-Hash, user name, domain name)

LMv2 = HMAC-MD5(v2-Hash, SC, CC)

NTv2 = HMAC-MD5(v2-Hash, SC, CC*)

response = LMv2 | CC | NTv2 | CC*
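
The NTv2 formula above, recomputed in Python against a capture line in the `user::domain:SC:NTv2:CC*` layout of the sample. This is an added example, not code from the original post: the account, NT hash, challenge and blob are constructed values, and the uppercasing of the user name and the UTF-16-LE encoding follow the NTLM specification rather than anything stated on the page.

```python
import hashlib
import hmac
from typing import NamedTuple

class NetNTLMv2(NamedTuple):
    user: str
    domain: str
    sc: bytes      # SC: 8-byte server challenge
    ntv2: bytes    # NTv2: 16-byte HMAC-MD5 proof
    blob: bytes    # CC*: client blob (X, time, CC2, domain name)

def parse_line(line: str) -> NetNTLMv2:
    """Parse user::domain:SC:NTv2:CC*, the layout of the sample line above."""
    parts = line.strip().split(":")
    if len(parts) != 6 or parts[1]:
        raise ValueError("expected user::domain:SC:NTv2:CC*")
    user, _, domain = parts[:3]
    sc, ntv2, blob = (bytes.fromhex(p) for p in parts[3:])
    if len(sc) != 8 or len(ntv2) != 16:
        raise ValueError("SC must be 8 bytes and NTv2 16 bytes")
    return NetNTLMv2(user, domain, sc, ntv2, blob)

def compute_ntv2(nt_hash: bytes, user: str, domain: str, sc: bytes, blob: bytes) -> bytes:
    # v2-Hash = HMAC-MD5(NT-Hash, UPPERCASE(user) + domain, encoded as UTF-16-LE)
    identity = (user.upper() + domain).encode("utf-16-le")
    v2_hash = hmac.new(nt_hash, identity, hashlib.md5).digest()
    # NTv2 = HMAC-MD5(v2-Hash, SC + CC*)
    return hmac.new(v2_hash, sc + blob, hashlib.md5).digest()

def response_matches(line: str, nt_hash: bytes) -> bool:
    """True if the captured NTv2 value was produced with this NT hash."""
    r = parse_line(line)
    expected = compute_ntv2(nt_hash, r.user, r.domain, r.sc, r.blob)
    return hmac.compare_digest(expected, r.ntv2)

# Constructed sample (not from the page): account, NT hash, challenge and blob.
NT_HASH = bytes.fromhex("00112233445566778899aabbccddeeff")
SC = bytes.fromhex("0102030405060708")
BLOB = bytes.fromhex("0101000000000000") + b"\x00" * 8 + bytes(range(8)) + b"\x00" * 4
LINE = "alice::CORP:%s:%s:%s" % (
    SC.hex(), compute_ntv2(NT_HASH, "alice", "CORP", SC, BLOB).hex(), BLOB.hex())

if __name__ == "__main__":
    print(parse_line(LINE))
    print("same NT hash :", response_matches(LINE, NT_HASH))
    print("other NT hash:", response_matches(LINE, bytes(16)))
```

Every input except the NT hash is visible in the captured line, so anyone who observes the exchange can test guesses offline; password strength and limiting where NTLM is accepted are the controls that matter here.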

Cracking the hash:

john --format=netntlmv2 hash.txt

hashcat -m 5600 -a 3 hash.txt
