Resolve Windows Password Security Issues (Part 2)


Author: Britta, source: IT expert network

In the first part of this article we looked in detail at how the default Windows password policy is established. Recall that the default domain password settings live in the Default Domain Policy GPO (linked at the domain level), which is also where the password rules such as minimum length, maximum age, history and complexity are defined. In this part we look at the techniques used to "crack" Windows passwords. The aim is to help you defend against these attacks, not to teach anyone how to steal passwords. Different Windows versions are exposed to these attacks to different degrees: password protection was noticeably improved in Windows XP and Windows Server 2003, and those improvements go a long way toward resisting the attacks described below.

Note: many of the tools discussed in this article come from hacker websites. Do not download any of them onto a production network or a production desktop, so that they cannot affect the production environment. Many companies have also written this into their security policies, prohibiting employees from downloading, storing or running such tools.

Social Engineering

Today the most popular, and most successful, way to steal a user's password is social engineering. Social engineering takes many forms; a typical attack is an attacker impersonating the help desk, IT staff or a security expert and simply asking the user for the password.

If you think social engineering cannot happen in your environment, read the report on how the IRS was found to be vulnerable to social engineering attacks (link fragment as given in the source: command=viewArticleBasic&articleId=9028960&intsrc=news_ts_head). The results are startling: even a well-secured enterprise environment can be breached by social engineering.

The only real defence against social engineering is user education: teach users how to protect their passwords, how a legitimate password reset works (so that any request for the current password is recognised as suspicious), and why a password must never be shared.


Another common way to obtain a user's password is simply to guess it, and this is also the method we see most often. The defence is to raise password strength so that guessing becomes impractical. For a list of passwords that are easy to guess, look at the list the Conficker worm used against administrator accounts: the worm carries a built-in list of weak passwords that it tries against administrative accounts over the network, which is a large part of what made it such an effective worm.

Giving users clear guidance also greatly reduces an attacker's chance of guessing a password. A password is vulnerable if it has any of the following characteristics:

· So complex that the user cannot remember it (it will end up written down, see below)

· A common or predictable password, such as a dictionary word or a vendor default

· Letters only, with no digits or symbols
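To make the guidance above concrete, here is an added Python example (not part of the original article) that checks a candidate password the way the Windows "Password must meet complexity requirements" setting does: it must not contain the account name or any fragment of the full name of three or more characters, and it must use characters from at least three of four categories (letters-only passwords fail this test). The minimum length of 8 is an assumption; in practice it comes from the domain policy. The weak-password set is a constructed sample of the kind of entries the Conficker list contained, not the worm's actual list.

```python
import re

# Constructed sample of weak passwords of the kind the Conficker worm tried
# against administrator accounts. Illustrative only, NOT the worm's real list.
WEAK_PASSWORDS = {
    "password", "admin", "123456", "12345", "1234", "qwerty",
    "letmein", "secret", "changeme", "test", "admin123", "password1",
}

# The four character categories of the Windows complexity rule.
_CATEGORIES = (
    lambda c: c.isupper(),
    lambda c: c.islower(),
    lambda c: c.isdigit(),
    lambda c: not c.isalnum(),
)


def name_fragments(display_name: str):
    """Tokens of the user's full name that the password must not contain.
    Windows splits the name on commas, periods, dashes, underscores, spaces,
    hashes and tabs, and ignores tokens shorter than three characters."""
    return [t for t in re.split(r"[,.\-_ #\t]+", display_name) if len(t) >= 3]


def check_password(password: str, sam_account_name: str = "",
                   display_name: str = "", min_length: int = 8):
    """Return the list of policy violations; an empty list means acceptable.
    min_length=8 is an assumed policy value (the domain GPO sets the real one)."""
    problems = []
    lowered = password.lower()
    if len(password) < min_length:
        problems.append(f"shorter than the {min_length}-character minimum")
    if len(sam_account_name) >= 3 and sam_account_name.lower() in lowered:
        problems.append("contains the account name")
    for frag in name_fragments(display_name):
        if frag.lower() in lowered:
            problems.append(f"contains part of the full name ({frag!r})")
    categories = sum(1 for test in _CATEGORIES if any(test(c) for c in password))
    if categories < 3:
        problems.append("uses fewer than three of: upper, lower, digit, symbol")
    if lowered in WEAK_PASSWORDS:
        problems.append("appears in a known weak-password list")
    return problems


if __name__ == "__main__":
    for pw in ("Summer2024!", "jsmith2024!", "password", "abcdefghij"):
        print(f"{pw!r}: {check_password(pw, 'jsmith', 'John Smith') or 'OK'}")
```

The account-name and full-name checks are case-insensitive, as they are in Windows; the weak-list check is the part that catches the Conficker-style passwords regardless of whether they happen to satisfy the category rule.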

Apart from guessing, another common problem is that users write their passwords down somewhere easy to find, for example on a sticky note attached to the monitor, or even directly on the monitor or keyboard. This is bad practice, and looking for written-down passwords should be part of the routine security audit of the company's computers.

Attack tools

There are also common attack tools that use several techniques against Windows passwords. These tools do not attack the password itself but the password hash that the operating system stores or sends over the network. Which hash is in play depends on the Windows version, because newer versions support stronger algorithms. LAN Manager (LM) is the weakest of them; it was designed for the Windows for Workgroups era and is obsolete. Next come NTLM (the NT hash) and then NTLMv2, and finally Kerberos, which is not a hash but the authentication protocol used between domain-joined desktops and servers in an Active Directory environment. A practical check: on Windows XP and Windows Server 2003 the LM hash is still stored alongside the NT hash by default unless the NoLMHash policy is enabled or the password is longer than 14 characters, so an attacker who dumps the SAM or the domain database gets the weak hash for free.

Brute-force attacks are also common. The attack tool is configured with a character set; it generates every combination of those characters, hashes each candidate with the same algorithm and compares the result against the captured Windows password hash. Figure 1 shows the options for a brute-force attack.

Figure 1: Any character combination can be used for Brute Force attacks

Because a brute-force attack has to generate a hash for every combination of the chosen characters, it is slow. Attackers therefore precompute the hashes for a character set and store the results on disk, a technique known as the rainbow table. A rainbow table is a time-memory trade-off: the hashing work is done once, up front, and stored as chains of alternating hash-and-reduce steps rather than as one entry per password, so the table stays manageable while a lookup takes a small fraction of the time of a brute-force run (the source puts it at about one tenth). Tools such as the free Rainbow Table Generator, shown in Figure 2, let you build a custom table for a given character set and length, and tools that consume rainbow tables, such as Cain & Abel, are shown in Figure 3. The caveat: precomputation only works against unsalted hashes, which is exactly what LM and NT hashes are; it does not directly apply to challenge-response exchanges such as NTLMv2, where the server challenge changes on every authentication.


Figure 2: You can use the free tool Rainbow Table Generator to design your own Rainbow Table

Figure 3: almost every current password attack tool supports rainbow tables
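The following added Python example (not from the original article or from the tools it mentions) ties the hash, brute-force and rainbow-table discussion together on the NT hash. It implements MD4 in pure Python so the NT hash can be computed offline, shows the LM preprocessing that makes that hash weak (the DES step itself, in which each half encrypts the constant "KGS!@#$%", is omitted), brute-forces a hash over a character set, and then builds and queries a miniature rainbow table over a deliberately tiny keyspace (four digits) so that the chain structure and the coverage figures are visible. The keyspace, chain parameters and reduction function are assumptions chosen for the demonstration.

```python
import itertools
import random
import struct

MASK = 0xFFFFFFFF


def _rotl(x, n):
    return ((x << n) | (x >> (32 - n))) & MASK


def md4(data: bytes) -> bytes:
    """Pure-Python MD4 (RFC 1320). The NT hash is MD4 over the UTF-16LE password."""
    F = lambda x, y, z: (x & y) | (~x & z)
    G = lambda x, y, z: (x & y) | (x & z) | (y & z)
    H = lambda x, y, z: x ^ y ^ z
    rounds = (  # (function, additive constant, word order, shift cycle)
        (F, 0x00000000, range(16), (3, 7, 11, 19)),
        (G, 0x5A827999, (0, 4, 8, 12, 1, 5, 9, 13, 2, 6, 10, 14, 3, 7, 11, 15), (3, 5, 9, 13)),
        (H, 0x6ED9EBA1, (0, 8, 4, 12, 2, 10, 6, 14, 1, 9, 5, 13, 3, 11, 7, 15), (3, 9, 11, 15)),
    )
    msg = data + b"\x80" + b"\x00" * ((55 - len(data)) % 64) + struct.pack("<Q", 8 * len(data))
    state = [0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476]
    for off in range(0, len(msg), 64):
        X = struct.unpack("<16I", msg[off:off + 64])
        a, b, c, d = state
        for fn, k, order, shifts in rounds:
            for i, j in enumerate(order):
                a = _rotl((a + fn(b, c, d) + X[j] + k) & MASK, shifts[i % 4])
                a, b, c, d = d, a, b, c  # rotate registers for the next step
        state = [(s + v) & MASK for s, v in zip(state, (a, b, c, d))]
    return struct.pack("<4I", *state)


def nt_hash(password: str) -> bytes:
    return md4(password.encode("utf-16-le"))


def lm_halves(password: str):
    """LM preprocessing: uppercase, cut to 14 bytes, NUL-pad, split into two
    independent 7-byte DES keys. Case is lost and each half is attacked alone.
    (Simplification: latin-1 stands in for the OEM code page; DES step omitted.)"""
    p = password.upper().encode("latin-1", "replace")[:14].ljust(14, b"\x00")
    return p[:7], p[7:]


def brute_force(target: bytes, charset: str, length: int):
    """Exhaustive search: hash every candidate of the given length and compare."""
    for tup in itertools.product(charset, repeat=length):
        cand = "".join(tup)
        if nt_hash(cand) == target:
            return cand
    return None


CHARSET = "0123456789"  # assumed, deliberately tiny keyspace for the demo
PW_LEN = 4
SPACE = len(CHARSET) ** PW_LEN


def reduce_hash(h: bytes, column: int) -> str:
    """Map a hash back into the keyspace. The column index makes every step a
    different function, so two chains only merge if they collide in the same column."""
    n = (int.from_bytes(h[:8], "little") + column) % SPACE
    chars = []
    for _ in range(PW_LEN):
        chars.append(CHARSET[n % len(CHARSET)])
        n //= len(CHARSET)
    return "".join(chars)


def build_table(n_chains: int, chain_len: int, seed: int = 1):
    """Compute n_chains * chain_len hashes but store only (endpoint -> start).
    Also return the set of distinct passwords the chains actually covered."""
    rng = random.Random(seed)
    table, covered = {}, set()
    for _ in range(n_chains):
        start = pw = "".join(rng.choice(CHARSET) for _ in range(PW_LEN))
        for column in range(chain_len):
            covered.add(pw)
            pw = reduce_hash(nt_hash(pw), column)
        table[pw] = start
    return table, covered


def rainbow_lookup(table, target: bytes, chain_len: int):
    """Assume the target sits in column col, regenerate the chain tail from there,
    and on an endpoint hit walk that chain from its start to recover the preimage."""
    for col in range(chain_len - 1, -1, -1):
        pw = reduce_hash(target, col)
        for column in range(col + 1, chain_len):
            pw = reduce_hash(nt_hash(pw), column)
        if pw in table:  # endpoint match (may still be a false alarm)
            cand = table[pw]
            for column in range(chain_len):
                if nt_hash(cand) == target:
                    return cand
                cand = reduce_hash(nt_hash(cand), column)
    return None


if __name__ == "__main__":
    print("NT(password) =", nt_hash("password").hex())
    print("LM halves of 'Password123456789':", lm_halves("Password123456789"))
    table, covered = build_table(200, 50)
    print(f"{len(table)} stored endpoints cover {len(covered)}/{SPACE} passwords")
    pw = min(covered)  # a password known to be in the table
    print("brute force:", brute_force(nt_hash(pw), CHARSET, PW_LEN),
          "rainbow lookup:", rainbow_lookup(table, nt_hash(pw), 50))
```

Two things to notice when running it: the table stores at most 200 entries yet covers several thousand of the 10,000 possible passwords, which is the space saving the article describes, and the LM halves of a 17-character password show why LM is attacked seven characters at a time with case already thrown away.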


There are many ways to steal Windows passwords. Some are highly technical; others rely purely on social engineering to get users to give their passwords away. Against social engineering and password guessing, user education goes a long way: teach users how to create passwords that are hard to guess, and never to share them with colleagues. Tools such as Cain & Abel bundle many cracking methods in a single package. We hope every reader takes the problem seriously and actively protects their passwords.

