Please check my understanding.... are domain credentials in ms-cache v2 form pretty much beyond the ability of current technology to crack (in ones lifetime)?
If I understand it correctly, rainbow tables are useless (except perhaps for an account named administrator) because the password is salted with the users name.
Similarly, neither brute-forcing (nor dictionaries) will crack a reasonably secure password in any kind of useful time.
I've thought about suggesting a ms-cachev2 algorithim be added to the multiforcer...but if only the least secure passwords can be cracked, there are other tools (e.g. hashcat, cain & able) which can make a run at it.
So...do I have this all pretty much straight?
ms-cache v2
13 posts
• Page 1 of 2 • 1, 2
-
- Ads
ms-cache v2
by mayberryman » Sat Nov 03, 2012 12:36 am
- mayberryman
- Posts: 5
- Joined: Thu Dec 30, 2010 9:58 pm
Re: ms-cache v2
by Bitweasil » Sat Nov 03, 2012 5:55 pm
mayberryman wrote:Please check my understanding.... are domain credentials in ms-cache v2 form pretty much beyond the ability of current technology to crack (in ones lifetime)?
Depends - what is the quality of the password used?
They're certainly tough. A distributed attack is the way to go for them, which my framework does support.mayberryman wrote:If I understand it correctly, rainbow tables are useless (except perhaps for an account named administrator) because the password is salted with the users name.
Correct. Though Administrator tables are certainly useful...
mayberryman wrote:Similarly, neither brute-forcing (nor dictionaries) will crack a reasonably secure password in any kind of useful time.
Correct. A secure password is pretty well secure with mscachev2.
mayberryman wrote:I've thought about suggesting a ms-cachev2 algorithim be added to the multiforcer...but if only the least secure passwords can be cracked, there are other tools (e.g. hashcat, cain & able) which can make a run at it.
So...do I have this all pretty much straight?
Yes. It will get added eventually, with full support for some cool features I'm working on, but mscachev2 is a hard nut to crack.
- Bitweasil
- Site Admin
- Posts: 912
- Joined: Tue Jan 20, 2009 4:26 pm
Re: ms-cache v2
by Picch » Tue Nov 06, 2012 10:10 am
mscachev2 is a nightmare for me during pentests. Even with GPUs the speed is absolutely horrible.
- Picch
- Posts: 59
- Joined: Sat Oct 23, 2010 10:28 am
Re: ms-cache v2
by Bitweasil » Tue Nov 20, 2012 2:05 am
Picch wrote:mscachev2 is a nightmare for me during pentests. Even with GPUs the speed is absolutely horrible.
They're on the short list for support.
- Bitweasil
- Site Admin
- Posts: 912
- Joined: Tue Jan 20, 2009 4:26 pm
Re: ms-cache v2
by Picch » Tue Nov 20, 2012 9:03 pm
Personally, I'd rather see ntlmv2 support first (in fact, I'd kill for ntlmv2) instead of mscache2. ntlmv2 is seen far more during pentests because of the ability to ARP Spoof, NetBIOS Spoof, etc...
- Picch
- Posts: 59
- Joined: Sat Oct 23, 2010 10:28 am
Re: ms-cache v2
by Bitweasil » Tue Nov 20, 2012 11:48 pm
Could you get me a few sample exchanges with known passwords in whatever format is most common?
- Bitweasil
- Site Admin
- Posts: 912
- Joined: Tue Jan 20, 2009 4:26 pm
Re: ms-cache v2
by Picch » Wed Nov 21, 2012 8:53 am
Yeah, I'll work on getting some samples. I believe there's 3 formats that are commonly seen.
- Picch
- Posts: 59
- Joined: Sat Oct 23, 2010 10:28 am
Re: ms-cache v2
by Bitweasil » Wed Nov 21, 2012 7:23 pm
Documented example would be pure awesome - unless you wanted to code up hash file classes for them, which would be even cooler!
- Bitweasil
- Site Admin
- Posts: 912
- Joined: Tue Jan 20, 2009 4:26 pm
13 posts
• Page 1 of 2 • 1, 2
Who is online
Users browsing this forum: No registered users and 1 guest