Windows NT/NTLM encryption

Source: Internet
Author: User

A hash (also rendered as "digest") maps an input of arbitrary length (the pre-image) to an output of fixed length, the hash value, by means of a hash algorithm. This mapping is compressive: the space of hash values is usually much smaller than the input space, so different inputs may hash to the same output, and the input cannot be uniquely determined from the hash value. Simply put, a hash function compresses a message of any length into a fixed-length message digest.


I. MD5 and SHA-1 are currently the most widely used hash algorithms, and both are designed on the basis of MD4. Here is a brief introduction to each:

(1) MD4

MD4 (RFC 1320) was designed by Ronald L. Rivest of MIT in 1990. MD is short for message digest. It is intended for 32-bit processors, is built entirely on 32-bit operations, and has fast software implementations.

(2) MD5

MD5 (RFC 1321) is Rivest's 1991 improvement on MD4. Input is still processed in 512-bit blocks and the output is the concatenation of four 32-bit words, the same as MD4. MD5 is more complex than MD4 and slightly slower, but it is safer, with better resistance to cryptanalysis and differential attacks.

(3) SHA-1 and others

SHA-1 was designed by NIST and the NSA for use together with DSA. For an input of fewer than $2^{64}$ bits it produces a fixed-length hash value, so SHA-1 has better resistance to brute-force attacks. SHA-1 is designed on the same principles as MD4 and imitates that algorithm.


II. Hash password format in Windows

A Windows password hash entry has the format: username:RID:LM-hash:NT-hash. For example:

Administrator:500:c8825db10f2590eaaad3b435b51404ee:683020925c5d8rjc23aa724774ce6cc

The username is Administrator.

The RID is 500.

The LM hash is c8825db10f2590eaaad3b435b51404ee.

The NT hash is 683020925c5d8rjc23aa724774ce6cc.

(1) How the LM hash is generated in Windows

Assume the plaintext password is "welcome". First the password is converted to uppercase, "WELCOME", and the uppercase string is then taken as its byte values in hex, padded with 0x00 bytes to 14 bytes: "WELCOME" -> 57454c434f4d4500000000000000

Tip: you can paste the plaintext password into the UltraEdit editor and switch to its hex (binary) view to read off the byte values of the password.

Note: if the uppercase password is shorter than 14 bytes, it is padded with 0x00 to a full 14 bytes. The 14 bytes are then split into two 7-byte halves, and each half is passed through the str_to_key() function to obtain an 8-byte DES key:

57454c434f4d45 -> str_to_key() -> 56a25288425a348a
00000000000000 -> str_to_key() -> 0000000000000000

These two 8-byte values are used as DES keys to encrypt the magic string "KGS!@#$%" with standard DES:

"KGS!@#$%" -> 4b47532140232425

56a25288425a348a - standard DES encryption of 4b47532140232425 -> c23413a8a1e7665f

0000000000000000 - standard DES encryption of 4b47532140232425 -> aad3b435b51404ee

Concatenating the two ciphertexts gives the LM hash.

LM hash: c23413a8a1e7665faad3b435b51404ee
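The LM key-derivation steps above, written out as an added Python example (not code from the original page): uppercase, pad to 14 bytes, split into 7-byte halves, and expand each half into an 8-byte DES key with str_to_key(). DES itself is not in the Python standard library, so the final encryption of "KGS!@#$%" is isolated in lm_hash() and assumes pycryptodome's Crypto.Cipher.DES is installed.

```python
# Added example, not from the original page. LM_MAGIC is the fixed plaintext
# (4b47532140232425) that each half's DES key encrypts.
LM_MAGIC = b"KGS!@#$%"


def lm_halves(password: str) -> tuple:
    """Upper-case the password, pad with 0x00 to 14 bytes, split into two 7-byte halves.

    Assumes an ASCII password; LM only covers passwords of up to 14 characters."""
    raw = password.upper().encode("ascii")
    if len(raw) > 14:
        raise ValueError("LM only hashes passwords of up to 14 characters")
    raw = raw.ljust(14, b"\x00")
    return raw[:7], raw[7:]


def str_to_key(seven: bytes, odd_parity: bool = False) -> bytes:
    """Spread 56 bits over 8 key bytes: each byte holds 7 bits shifted left by one.

    DES ignores the low bit of every key byte, so the page shows it as 0.
    odd_parity=True sets it so each byte has an odd number of 1 bits, which is
    what most DES libraries expect of a key."""
    if len(seven) != 7:
        raise ValueError("str_to_key needs exactly 7 bytes")
    bits = int.from_bytes(seven, "big")
    key = bytearray()
    for i in range(8):
        b = ((bits >> (49 - 7 * i)) & 0x7F) << 1   # i-th group of 7 bits, shifted
        if odd_parity and bin(b).count("1") % 2 == 0:
            b |= 1
        key.append(b)
    return bytes(key)


def lm_hash(password: str) -> str:
    """Full LM hash: DES-encrypt LM_MAGIC under each half's key and concatenate.

    Uses pycryptodome (assumed installed); raises ImportError otherwise."""
    from Crypto.Cipher import DES
    out = b""
    for half in lm_halves(password):
        key = str_to_key(half, odd_parity=True)
        out += DES.new(key, DES.MODE_ECB).encrypt(LM_MAGIC)
    return out.hex()


if __name__ == "__main__":
    first, second = lm_halves("welcome")
    print(first.hex(), "->", str_to_key(first).hex())
    print(second.hex(), "->", str_to_key(second).hex())
```

The all-zero second half always yields the all-zero key, which is why every password of 7 characters or fewer ends in the same 8 bytes, aad3b435b51404ee.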

(2) How the NTLM hash is generated in Windows

Starting from the LM hash algorithm designed by IBM, Microsoft proposed its own challenge-response mechanism while keeping backward compatibility, and the NTLM hash came into being. Assume the plaintext password is "123456". It is first converted to a Unicode string; unlike the LM hash algorithm, there is no 0x00 padding to 14 bytes.

"123456" -> 310032003300340035003600

The conversion from an ASCII string to a Unicode string uses little-endian byte order. Microsoft did not consider big-endian order when designing the SMB protocol, so the ntoh*() and hton*() functions should not be used when decoding SMB messages. A standard ASCII code below 0x80 maps to the Unicode code 0x00?? (the byte followed by 0x00), so converting a standard ASCII string to a little-endian Unicode string simply appends 0x00 after each byte. The resulting Unicode string is then hashed with the standard MD4 one-way hash. Whatever the length of the input, MD4 produces a 128-bit hash value:

16 bytes 310032003300340035003600 - standard MD4 one-way hash -> 32ed87bdb5fdc5e9cba88547376818d4

The final NTLM hash is obtained.

NTLM hash: 32ed87bdb5fdc5e9cba88547376818d4

Compared with the LM hash algorithm: the plaintext password is case sensitive; it is impossible to tell from an NTLM hash whether the original plaintext is shorter than 8 bytes; the magic string "KGS!@#$%" is no longer used; and MD4 is a genuine one-way hash function, so recovering the plaintext from the hash is hard.
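The NTLM hash derivation above, as an added Python example (not code from the original page): a pure-Python MD4 (RFC 1320) plus the UTF-16LE encoding step, so the "123456" result can be reproduced without relying on hashlib's md4, which on modern OpenSSL builds needs the legacy provider.

```python
# Added example, not from the original page: MD4 per RFC 1320 and the NT hash.
import struct

MASK = 0xFFFFFFFF


def _rotl(x: int, n: int) -> int:
    return ((x << n) | (x >> (32 - n))) & MASK


def md4(data: bytes) -> bytes:
    """MD4 digest of data (16 bytes), implemented from RFC 1320."""
    F = lambda x, y, z: (x & y) | (~x & z)
    G = lambda x, y, z: (x & y) | (x & z) | (y & z)
    H = lambda x, y, z: x ^ y ^ z
    # Padding: 0x80, zeros up to 56 mod 64, then the bit length as little-endian u64.
    msg = data + b"\x80"
    msg += b"\x00" * ((56 - len(msg) % 64) % 64)
    msg += struct.pack("<Q", 8 * len(data))
    a, b, c, d = 0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476
    # Each round: boolean function, additive constant, shift amounts, word-index order.
    rounds = (
        (F, 0x00000000, (3, 7, 11, 19), lambda i: i),
        (G, 0x5A827999, (3, 5, 9, 13), lambda i: (i % 4) * 4 + i // 4),
        (H, 0x6ED9EBA1, (3, 9, 11, 15), lambda i: int(f"{i:04b}"[::-1], 2)),
    )
    for off in range(0, len(msg), 64):
        X = struct.unpack("<16I", msg[off:off + 64])   # 16 little-endian words
        aa, bb, cc, dd = a, b, c, d
        for fn, k, shifts, idx in rounds:
            for i in range(16):
                t = (a + fn(b, c, d) + X[idx(i)] + k) & MASK
                # Rotate the registers so the next step updates d, then c, then b.
                a, b, c, d = d, _rotl(t, shifts[i % 4]), b, c
        a, b, c, d = (a + aa) & MASK, (b + bb) & MASK, (c + cc) & MASK, (d + dd) & MASK
    return struct.pack("<4I", a, b, c, d)


def nt_hash(password: str) -> str:
    """NT hash: encode the password as UTF-16LE (no padding) and apply MD4 once."""
    return md4(password.encode("utf-16-le")).hex()


if __name__ == "__main__":
    print("123456".encode("utf-16-le").hex(), "->", nt_hash("123456"))
```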


III. Summary

The two algorithms are LanManager (LM) and NTLM. LM can only store hashes of passwords of 14 characters or fewer; when a password is longer than 14 characters, Windows automatically uses NTLM for it. (LC5 supports both methods, so NTLM can be tried when the LM hash cannot be cracked.) Hashes exported with PWDump or other hash-export tools such as Cain usually carry both an LM and an NTLM value, which means the password is 14 characters or fewer. If the password is longer than 14 characters, only the NTLM hash is usable: the LM field still holds a value, but it is useless to us and cannot be used to look up an LM rainbow table.

Operating systems: XP, Win2k and Win2k3 use LM by default (they can be set to NTLM); Win2008, Win7 and Vista disable LM and use NTLM by default. So do not use a rainbow table generated for LM to look up an NTLM hash value. Conversely, because an LM-hashed password usually has a corresponding NTLM hash as well (when the password is 14 characters or fewer, the system also hashes it with NTLM and stores the NTLM hash), ophcrack's NTLM tables can be used to search for the NTLM hash instead of the LM hash.
