ntlm – Page 2 – WindowsTechs.com

NTLM Relay detection logic

Posted on September 2, 2023 by chendoy

I am learning NTLM and came across an attack against it called NTLM Relay, where an attacker intercepts and relays NTLM authentication traffic between a client and a server.
One of the questions was to think of a detection logic that would… Continue reading NTLM Relay detection logic→

Custom PsExec csharp code with plaintext credentials

Posted on April 21, 2023 by Ankylo Gomez

I have this code for exploiting PsExec that works perfectly fine when I have a TGS for the CIFS SPN on the target, however there are situations where I only have plaintext credentials for the local admin of the target, and so I cannot requ… Continue reading Custom PsExec csharp code with plaintext credentials→

How to generate actually valid NTLM hash for chntpw (for SAM hive file injection)

Posted on January 10, 2023 by HeartOfGermany

I am currently working on a solution to at least try to implement a working/modern "change password" option to chntpw.
First of all: Windows uses this format in its hive file:
root@rescue /mnt/Windows/System32/config # samdump2 S… Continue reading How to generate actually valid NTLM hash for chntpw (for SAM hive file injection)→

What other attacks are possible besides these attacks LLMNR, MITM6, NtlmRelayX [closed]

Posted on December 27, 2022 by yishai

I have Kali inside the internal network, and I’m local admin on another computer (windows 10) on the same network as the Kali.
What other attack options do I have, besides those in the title?

Continue reading What other attacks are possible besides these attacks LLMNR, MITM6, NtlmRelayX [closed]→

Can hashes labeled ‘lm’ in SAM database mimikatz dump be another type than (NT)LM?

Posted on November 24, 2022 by purple-explorer

When I dump the password history hashes stored in the SAM database with mimikatz lsadump::dcsync tool, for every i’th password (re-)set by a SAM account there are two hashes stored by Active Directory (AD): ntlm- i and lm- i. I know storin… Continue reading Can hashes labeled ‘lm’ in SAM database mimikatz dump be another type than (NT)LM?→

This Week in Security:Breaking CACs to Fix NTLM, The Biggest Leak Ever, and Fixing Firefox by Breaking It

Posted on July 8, 2022 by Jonathan Bennett

To start with, Microsoft’s June Security Patch has a fix for CVE-2022-26925, a Man-In-The-Middle attack against NTLM. According to NIST, this attack is actively being exploited in the wild, so …read more Continue reading This Week in Security:Breaking CACs to Fix NTLM, The Biggest Leak Ever, and Fixing Firefox by Breaking It→

How can I find out what is using NTLM in my environment?

Posted on December 15, 2021 by Patrick-not-spongebob

I have seen Event Logs in Windows Event Viewer with EventID 6038 from Source LsaSrv.
My systems are: SQL server 2019 and Windows 10 20H2 machines.
I am attempting to audit what is using NTLM Authentication but do not know how to do this wi… Continue reading How can I find out what is using NTLM in my environment?→

pwdump8-8.2 correct hash for Microsoft Account Win10

Posted on November 21, 2021 by Patho

I am having a real issue cracking one NT hash i’ve pulled from my system for a Microsoft Account.
I used – PwDump8.2
I have an admin account unlocked on the system and can access most files.
I know pieces of the password so I have used Joh… Continue reading pwdump8-8.2 correct hash for Microsoft Account Win10→

Are there other types of NT Password (NTLM Hash) besides raw MD4?

Posted on September 30, 2021 by Steven Yang

According to the freeradius document https://freeradius.org/radiusd/man/rlm_pap.txt I can use NT-Password as the type of storing user’s password. However, I have only found the type of generating raw MD4 as NTLM Hash. As I need to use MSCH… Continue reading Are there other types of NT Password (NTLM Hash) besides raw MD4?→

Are there other types of NT Password (NTLM Hash) besides raw MD4?

Posted on September 30, 2021 by Steven Yang