Windows Passwords on the Network
There are few technologies that have molded modern information security quite like the Windows password. The sheer popularity of the Windows operating system has resulted in intense scrutiny of its authentication methods and their security; when more eyes are examining the security of an authentication system, there are more lessons to inform growth and improvement. On the other hand, a major goal of Windows implementations is backwards compatibility. What this means in practice is that older and weaker methods are often found in today's environments, even when a more secure version is available – and even when that more secure version is enabled in the same environment. In this chapter, we'll be discussing some technology that's literally more than two decades old, and you might wonder: do we really need to be looking for this anymore? The answer is, sadly, yes. Your clients will have their reasons for configuring their systems to support security methods that can be literally broken in seconds, but it's not likely that they've truly grasped the impact of these decisions. That's why you are there, and it's why I've included this chapter in this book.
In this chapter, we will cover the following topics:
- A quick overview of Windows password hashes and design flaws
- An introduction to Metasploit by using an authentication capture auxiliary module
- A demonstration of Link-Local Multicast Name Resolution (LLMNR)/NetBIOS Name Service (NetBIOS NS) spoofing to capture Windows credentials
- An introduction to John the Ripper, a popular password cracker, and modifying search parameters