RE: NTLM

From: Chemolli Francesco (USI) <ChemolliF@dont-contact.us>
Date: Mon, 25 Feb 2002 10:06:12 +0100

> > So you are saying that a member server in a NT network can ask to
> > verify (challenge,NT-response,user,domain) with their own choice of
> > challenge because the DC knows the station by its account?
>
> Sort of. There are RPC calls that AFAIK require a secure
> channel to make them. One of them (My reference book isn't
> handy or I'd name it) is used by the winlogon process on
> windows NT to authenticate a user when they log in. That call
> uses the triple above, rather than a handshake. And yes, that
> does open the way for chosen plaintext attacks on the SAM :}.

Well, you have to have a workstation trust account to be allowed
to use those things, which is handed out when the workstation enters
a domain, which requires domain administrator-level privileges...
But once you're in, only account lockout policies will
let people know of this (of course, given enough time such attempts
could be disguised in the noise)...

-- 
	/kinkie 
Received on Mon Feb 25 2002 - 07:47:04 MST
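The exchange above leaves the threat implicit, so here is an added example, written for this page and not code from the thread or from any Windows component, that models what the two posters describe: a verifier that accepts the (challenge, NT-response, user, domain) triple only from a caller holding a workstation trust account, and a caller that uses that channel as a password-guessing oracle while pacing attempts below the lockout threshold. Assumptions: the NT hash is real MD4 over the UTF-16LE password, but the response uses NTLMv2's HMAC-MD5 construction in place of NTLMv1's DES one (the standard library has no DES), the lockout model (a threshold of failures inside one observation window) is simplified, and all names (DomainController, sam_logon, guess_online, WS01$, alice, DOMAIN, the word list) are constructed for the example.

```python
import hashlib
import hmac
import struct

MASK = 0xFFFFFFFF

def _lrot(x, n):
    return ((x << n) | (x >> (32 - n))) & MASK

def md4(data: bytes) -> bytes:
    """MD4 (RFC 1320), implemented here because hashlib's md4 is disabled on many OpenSSL 3 builds."""
    msg = bytearray(data) + b"\x80"
    msg += b"\x00" * ((56 - len(msg) % 64) % 64)
    msg += struct.pack("<Q", len(data) * 8)
    F = lambda x, y, z: (x & y) | (~x & z)
    G = lambda x, y, z: (x & y) | (x & z) | (y & z)
    H = lambda x, y, z: x ^ y ^ z
    h = [0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476]
    for off in range(0, len(msg), 64):
        X = struct.unpack("<16I", msg[off:off + 64])
        a, b, c, d = h
        for k in range(16):
            a = _lrot((a + F(b, c, d) + X[k]) & MASK, (3, 7, 11, 19)[k % 4])
            a, b, c, d = d, a, b, c
        for i, k in enumerate((0, 4, 8, 12, 1, 5, 9, 13, 2, 6, 10, 14, 3, 7, 11, 15)):
            a = _lrot((a + G(b, c, d) + X[k] + 0x5A827999) & MASK, (3, 5, 9, 13)[i % 4])
            a, b, c, d = d, a, b, c
        for i, k in enumerate((0, 8, 4, 12, 2, 10, 6, 14, 1, 9, 5, 13, 3, 11, 7, 15)):
            a = _lrot((a + H(b, c, d) + X[k] + 0x6ED9EBA1) & MASK, (3, 9, 11, 15)[i % 4])
            a, b, c, d = d, a, b, c
        h = [(x + y) & MASK for x, y in zip(h, (a, b, c, d))]
    return struct.pack("<4I", *h)

def nt_hash(password: str) -> bytes:
    """The NT hash kept in the SAM: MD4 over the UTF-16LE password."""
    return md4(password.encode("utf-16le"))

def nt_response(nthash, challenge, user, domain, nonce):
    """NT response over a server challenge. Assumption: NTLMv2's HMAC-MD5 construction
    stands in for NTLMv1's DES one, with the v2 'temp' blob reduced to a client nonce."""
    ntowf2 = hmac.new(nthash, (user.upper() + domain).encode("utf-16le"), hashlib.md5).digest()
    return hmac.new(ntowf2, challenge + nonce, hashlib.md5).digest()

class DomainController:
    """Pass-through verifier: checks (challenge, response, user, domain) against the SAM,
    but only for callers holding a workstation trust account (the 'secure channel').
    Lockout is a simplified model: `threshold` failures inside one observation `window`."""

    def __init__(self, sam, trust_accounts, threshold=5, window=1800):
        self.sam = dict(sam)                # user -> NT hash
        self.trust = set(trust_accounts)    # machine accounts allowed to call
        self.failures = {}                  # user -> timestamps of recent failures
        self.threshold, self.window = threshold, window

    def locked(self, user, now):
        recent = [t for t in self.failures.get(user, []) if now - t < self.window]
        self.failures[user] = recent
        return len(recent) >= self.threshold

    def sam_logon(self, caller, challenge, response, user, domain, nonce, now):
        if caller not in self.trust:
            raise PermissionError("no secure channel: %s is not a trust account" % caller)
        if user not in self.sam or self.locked(user, now):
            return False
        expected = nt_response(self.sam[user], challenge, user, domain, nonce)
        if hmac.compare_digest(expected, response):
            return True
        self.failures.setdefault(user, []).append(now)
        return False

def guess_online(dc, caller, user, domain, wordlist, per_window, start=0):
    """Use a trust account as a verification oracle: the caller picks the challenge,
    computes the response for each candidate password and asks the DC.
    Returns (password or None, attempts made, simulated time at the end)."""
    challenge, nonce = bytes.fromhex("1122334455667788"), bytes(8)   # chosen by the caller
    now, tried = start, 0
    for word in wordlist:
        if tried and tried % per_window == 0:
            now += dc.window        # wait out the observation window before continuing
        resp = nt_response(nt_hash(word), challenge, user, domain, nonce)
        tried += 1
        if dc.sam_logon(caller, challenge, resp, user, domain, nonce, now):
            return word, tried, now
    return None, tried, now

if __name__ == "__main__":
    # Constructed sample data: one user in the SAM, one joined workstation.
    dc = DomainController({"alice": nt_hash("Summer2002")}, {"WS01$"})
    words = ["password", "letmein", "welcome", "qwerty", "secret", "Summer2001", "Summer2002"]
    print("all at once:", guess_online(dc, "WS01$", "alice", "DOMAIN", words, per_window=len(words)))
    print("locked now? ", dc.locked("alice", 0))
    print("paced:      ", guess_online(dc, "WS01$", "alice", "DOMAIN", words, per_window=4, start=10**6))
```

Run as is, the first call burns through the threshold and the account locks before the right word is reached; the second call, made at four guesses per observation window, never trips the counter and recovers the password, which is the "disguised in the noise" case. A caller without a trust account gets a PermissionError from sam_logon before any comparison happens, which is the gate the reply above relies on.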