6
Windows New Technology LAN Manager

Ntlm

Embed Size (px)

Citation preview

Page 1: Ntlm

Windows New Technology

LAN Manager

Page 2: Ntlm

NTLM Protocol

NTLM is a mechanism for

authentication.

Can prove identities without sending a

password to the server.

NTLM has a ‘Hash Security’ issue

Page 3: Ntlm

How it works

NTLM has three messages:

Type 1:

Negotiation

Type 2:

Challenge

Type 3:

Authentication

Page 4: Ntlm

LM Hash Security Issue

Not a true one-way function

Passwords longer than 7 characters

are divided into 2 pieces. Each piece

is hashed separately.

All lowercase passwords are

changed to uppercase before

hashed, making it easier to crack.

Page 5: Ntlm

LM Hash Security Issue:

Doesn’t use cryptographic salt –

Ophcrack can crack LM encryption.

Implementation – change only when

user changes password.

Brute force attacks can be cracked

in hours.

Page 6: Ntlm

NTLM Replaced by

KerberosNTLM has been replaced by Kerberos.

Kerberos is the most secure authentication and

best choice for Microsoft SharePoint Server.


[MS-APDS]: Authentication Protocol Domain Support · Security (TLS), and Digest authentication. APDS is used by NT LAN Manager (NTLM) and the APDS is used by NT LAN Manager (NTLM)

[MS-APDS]: Authentication Protocol Domain Support · Security (TLS), and Digest authentication. APDS is used by NT LAN Manager (NTLM) and the APDS is used by NT LAN Manager (NTLM)

Documents
Configuring NTLM Authentication for URL Filtering and Browsing

Configuring NTLM Authentication for URL Filtering and Browsing

Documents
NTLM authenticationContents Platform Compatibilitysoftware.sonicwall.com/Firmware/Documentation/232-002511-00_Re… · 20/05/2014  · SonicOS SonicOS 5.8.1.15 NSA 220/250M, TZ 215

NTLM authenticationContents Platform Compatibilitysoftware.sonicwall.com/Firmware/Documentation/232-002511-00_Re… · 20/05/2014  · SonicOS SonicOS 5.8.1.15 NSA 220/250M, TZ 215

Documents
Session Code: SIA402. Overview Kerberos Overview How Kerberos Authenticates: Tickets to Paradise Making Sure You Use Kerberos… Not NTLM Cranking Up Kerberos:

Session Code: SIA402. Overview Kerberos Overview How Kerberos Authenticates: Tickets to Paradise Making Sure You Use Kerberos… Not NTLM Cranking Up Kerberos:

Documents
MS systems use one of the following: LanManager Hash (LM) LanManager Hash (LM) NT LanManager (NTLM) NT LanManager (NTLM) Cached passwords Cached passwords

MS systems use one of the following: LanManager Hash (LM) LanManager Hash (LM) NT LanManager (NTLM) NT LanManager (NTLM) Cached passwords Cached passwords

Documents
· Web viewIf NTLM is supported, the server includes the word "NTLM" in the list. The messages involved are formally described in section 2.2. 1.8 Vendor-Extensible Fields The NTLM

· Web viewIf NTLM is supported, the server includes the word "NTLM" in the list. The messages involved are formally described in section 2.2. 1.8 Vendor-Extensible Fields The NTLM

Documents
Authentification LM NTLM Windows

Authentification LM NTLM Windows

Documents
winprotocoldoc.blob.core.windows.net... · Web viewThe server responds with a list of supported authentication mechanisms. If NTLM is supported, the server will include the word "NTLM"

winprotocoldoc.blob.core.windows.net... · Web viewThe server responds with a list of supported authentication mechanisms. If NTLM is supported, the server will include the word "NTLM"

Documents
Microsoft...  · Web viewNone of the flags specified in [MS-NLMP] section 3.1.1 are specific to NTLM. The following is a description of how POP3 uses NTLM. All NTLM messages are

Microsoft...  · Web viewNone of the flags specified in [MS-NLMP] section 3.1.1 are specific to NTLM. The following is a description of how POP3 uses NTLM. All NTLM messages are

Documents
Introduction - Microsoft...  · Web viewThis protocol documentation is covered by Microsoft copyrights. ... among which authentication mechanisms are listed. If NTLM is supported,

Introduction - Microsoft...  · Web viewThis protocol documentation is covered by Microsoft copyrights. ... among which authentication mechanisms are listed. If NTLM is supported,

Documents
Windows NTLM SSO weak. . . soooo weak.grutz.jingojango.net/presentations/NTLM SSO - DeepSec08.pdf · 2016-04-19 · grutz @ jingojango.net NTLM SSO Slide # Windows (NTLM) Authentication

Windows NTLM SSO weak. . . soooo weak.grutz.jingojango.net/presentations/NTLM SSO - DeepSec08.pdf · 2016-04-19 · grutz @ jingojango.net NTLM SSO Slide # Windows (NTLM) Authentication

Documents
Understanding the Windows SMB NTLM …...Understanding the Windows SMB NTLM Authentication Weak Nonce Vulnerability BlackHat USA 2010 Vulnerability Information ‣ Flaws in Windows’

Understanding the Windows SMB NTLM …...Understanding the Windows SMB NTLM Authentication Weak Nonce Vulnerability BlackHat USA 2010 Vulnerability Information ‣ Flaws in Windows’

Documents
interoperability.blob.core.windows.net · Web viewIf NTLM is supported, the server will list the word "AUTH=NTLM" in the list. The messages involved are formally described in other

interoperability.blob.core.windows.net · Web viewIf NTLM is supported, the server will list the word "AUTH=NTLM" in the list. The messages involved are formally described in other

Documents
[MS-NLMP]: NT LAN Manager (NTLM) Authentication Protocol

[MS-NLMP]: NT LAN Manager (NTLM) Authentication Protocol

Documents
ntlm message - pvv.org

ntlm message - pvv.org

Documents
Understanding the Windows SMB NTLM Authentication Weak … · 2015. 1. 12. · Understanding the Windows SMB NTLM Authentication Weak Nonce Vulnerability Ekoparty 2010 Vulnerability

Understanding the Windows SMB NTLM Authentication Weak … · 2015. 1. 12. · Understanding the Windows SMB NTLM Authentication Weak Nonce Vulnerability Ekoparty 2010 Vulnerability

Documents
Introduction - winprotocoldoc.blob.core.windows.netMS-NL…  · Web viewreplaces NTLM as the preferred authentication protocol. These extensions provide additional capability

Introduction - winprotocoldoc.blob.core.windows.netMS-NL…  · Web viewreplaces NTLM as the preferred authentication protocol. These extensions provide additional capability

Documents
interoperability.blob.core.windows.net · Web viewThe client discovers whether the server supports NTLM authentication by sending the IMAP4 CAPABILITY command, as described in [RFC3501]

interoperability.blob.core.windows.net · Web viewThe client discovers whether the server supports NTLM authentication by sending the IMAP4 CAPABILITY command, as described in [RFC3501]

Documents
winprotocoldoc.blob.core.windows.net · Web view[MS-SMTPNTLM]: NT LAN Manager (NTLM) Authentication: Simple Mail Transfer Protocol (SMTP) Extension. Intellectual Property Rights Notice

winprotocoldoc.blob.core.windows.net · Web view[MS-SMTPNTLM]: NT LAN Manager (NTLM) Authentication: Simple Mail Transfer Protocol (SMTP) Extension. Intellectual Property Rights Notice

Documents
Ntlm Unsafe

Ntlm Unsafe

Technology
[MS-SMTPNTLM]: NT LAN Manager (NTLM) Authentication ...... · NT LAN Manager (NTLM) Authentication: Simple Mail Transfer Protocol (SMTP) Extension Intellectual Property Rights Notice

[MS-SMTPNTLM]: NT LAN Manager (NTLM) Authentication ...... · NT LAN Manager (NTLM) Authentication: Simple Mail Transfer Protocol (SMTP) Extension Intellectual Property Rights Notice

Documents
The NTLM family cons

The NTLM family cons

Documents
[MS-NLMP-Diff]: NT LAN Manager (NTLM) Authentication Protocol€¦ · NT LAN Manager (NTLM) Authentication Protocol Intellectual Property Rights Notice for Open Specifications Documentation

[MS-NLMP-Diff]: NT LAN Manager (NTLM) Authentication Protocol€¦ · NT LAN Manager (NTLM) Authentication Protocol Intellectual Property Rights Notice for Open Specifications Documentation

Documents
Lateral Movement using Credentials Relaying · 2021. 6. 9. · 5 More NTLM… • NTLM Authentication consists of 3 message types: • When users authenticate to target via NTLM (NTLM

Lateral Movement using Credentials Relaying · 2021. 6. 9. · 5 More NTLM… • NTLM Authentication consists of 3 message types: • When users authenticate to target via NTLM (NTLM

Documents
[APP] Autoproxy for Android Http(s), Socks, Proxy.pac Ntlm [24.Aug

[APP] Autoproxy for Android Http(s), Socks, Proxy.pac Ntlm [24.Aug

Documents
Introduction - winprotocoldoc.blob.core.windows.netMS-POP3]-16071…  · Web viewThe plus sign (+) status code indicates ongoing authentication and indicates that

Introduction - winprotocoldoc.blob.core.windows.netMS-POP3]-16071…  · Web viewThe plus sign (+) status code indicates ongoing authentication and indicates that

Documents
Kerberos, NTLM and LM-Hash

Kerberos, NTLM and LM-Hash

Technology
Ver.9 Standard Edition Windows版NTLM認証説明資料

Ver.9 Standard Edition Windows版NTLM認証説明資料

Documents
winprotocoldoc.blob.core.windows.netMS-NLM…  · Web view[MS-NLMP]: NT LAN Manager (NTLM) Authentication Protocol. Intellectual Property Rights Notice for Open Specifications Documentation

winprotocoldoc.blob.core.windows.netMS-NLM…  · Web view[MS-NLMP]: NT LAN Manager (NTLM) Authentication Protocol. Intellectual Property Rights Notice for Open Specifications Documentation

Documents
[MS-NTHT]: NTLM Over HTTP Protocol · [MS-NTHT]: NTLM Over HTTP Protocol Intellectual Property Rights Notice for Open Specifications Documentation Technical Documentation. Microsoft

[MS-NTHT]: NTLM Over HTTP Protocol · [MS-NTHT]: NTLM Over HTTP Protocol Intellectual Property Rights Notice for Open Specifications Documentation Technical Documentation. Microsoft

Documents