Security Advisor
Rainbow Crack--Not a New Street Drug
You can roll your own (pardon the pun) cracks for Windows LM passwords.
- By Roberta Bragg
- 07/01/2004
I remember when the Lopht introduced their password-cracking program
for Windows,
L0phtcrack.
The Lopht claimed that Microsoft’s LAN Manager authentication protocol
was weak and could be attacked easily. Microsoft challenged the Lopht’s
assertions, and the rest is ancient history. Lophtcrack is now known as
LC5, LM has been replaced
as the default authentication protocol by NTLM, NTLMv2 and Kerberos, and
LC5 is now a respected administration tool. Most of us have learned how
to protect our systems from its use, how to use it to promote the use
of complex passwords and how to protect sensitive accounts from its impact.
The program has become the most widely known password-cracking program
of Windows systems. Yet it was almost superseded.
Birth of a New Cracking Champion
A few months ago, Philippe Oechslin demonstrated a more efficient
method of cracking Windows LM passwords. The method, known as the Faster
Time-Memory Trade-Off Technique (based on earlier work by Hellman), uses
pre-calculated tables consisting of every possible combination of characters
in a Windows password and a sophisticated search algorithm. The result
is quicker password cracking—up to 12 times faster. (You can read Oechslin’s
paper at http://lasecwww.epfl.ch/php_code/publications/search.php?ref=Oech03).
The new method, as first introduced, was only tested with password combinations
acceptable to the vanilla LM algorithm. Most of you know that a considerably
more extensive character combination and password length is available
for NTLMv2. However, you can find tools for implementing the algorithm
and creating the tables for NTLM readily available on the Web. These tools
and tables have been dubbed “Rainbow Crack.”
Rainbow Crack uses pre-generated password combination tables, and an
elegant searching algorithm. While a commercial cracking program has yet
to announce its use of this technique, you can obtain access to online
examples, download a tool complete with pre-prepared tables or purchase
Rainbow Crack tables and roll your own. Investigating this new technique
is a good idea, because it may be used in the future to reduce the time
taken to discover complex passwords.
The time factor has often been cited as useful for defense against password
cracking. One theory holds that the use of complexity can rapidly increase
the time necessary to crack a password, allowing development of a sound
strategy: Make them complex enough to keep passwords from begin cracked
during the timeframe that they’re valid (the time between password changes.)
While this still holds true, the appropriate validity/time constraint
is shrinking. Faster machines, distributed password cracking and now Rainbow
Crack are contributing to that. There are, however, many things that can
be done to protect passwords until a different defense can be adopted.
Follow these rules:
- Select and configure strong network authentication protocols.
- Select and configure strong remote access protocols.
- Protect password databases.
- Have a strong password policy.
- Obtain current password-cracking software and learn how it can be
used.
- Enforce the password policy with user awareness training and password
audits.
Cracking
Techniques |
- A dictionary attack uses a file of dictionary words.
Using the same algorithm used to create the Windows
password hash, it then compares the hash to password
hashes in the Windows password database.
- A heuristic attack uses known password creation
tendencies such as the inclusion of numbers at the
end of a password, or the use of common passwords
as an aide in finding part or all of the password
characters.
- A brute-force attack simply tries every possible
combination of characters until a match is found.
Given enough time, a brute-force attack can deduce
any password.
- Rainbow Crack uses a pre-hashed table of every
possible combination of characters and a sophisticated
search algorithm that speeds up the search of such
a large amount of data.
|
|
|
Configure Strong Network Authentication Protocols
Windows network logons can be strengthened by using Kerberos where possible
and by insisting on NTLMv2 where it isn’t possible. In a Windows 2000
Server or Windows Server 2003 domain, Kerberos is the authentication mechanism
of choice for network logon by Windows XP, Win2K and Windows 2003 member
computers. However, the LM protocol may be used when a non-member server
attempts to access a domain resource, when the IP address instead of a
computer name is used in accessing a share, when a domain controller can’t
be accessed and possibly in other circumstances.
Therefore, in addition to using domains and more modern Windows OSs,
you should configure Windows to use NTLMv2. This protocol is more secure
than its predecessors—LM and NTLM—for a number of reasons, including the
central one that it’s more difficult to crack. LC5, for example, can crack
NTLMv2 passwords, but it takes much longer, even for simple passwords.
For this reason, the default mode for LC5 cracks the copy of the LM hash
first, then deduces the NTLMv2 version. To ensure that NTLMv2 is in place
where Kerberos isn’t, make the applicable configuration changes:
- In Win2K and Windows 2003 domains, set the Group Policy Security
Option “Network Security: LAN Manager Authentication Level” to Send
NTLMv2 response only\refuse LM & NTLM. This will require clients to
use NTLMv2. (This option is set by default to require at least NTLM
authentication in Windows 2003 domains.)
- To set NTLMv2 for Windows NT SP4 domains, add the REG_ DWORD value
“LMCompatibility” and set it to 5. The Registry value should be added
at
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\LSA
- To require NTLMv2 for Windows 95/98, install the Active Directory
client and complete the Registry entry above.
- Eliminate the storage of LM hashes in the password database. This
is turned on by default in Windows 2003. It can be set using the Security
Option “Network Security: Do not store LAN Manager hash value on next
password change.” For Win2K domains, add the NoLMHash value to the location
below. This only prevents storage of LM hashes; it won’t delete existing
LM hashes. Users must change their password before this option will
do any good.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\LSA
Please test these settings. There are a number of issues with NTLMv2
and legacy applications such as Windows remote access. Remember that you
can set security options on an OU-by-OU basis or one computer at a time
using scripts or manual methods. It isn’t necessary to have a domain-wide
policy for NTLMv2 policy, though it’s the most secure approach.
Strengthen Remote Access Authentication
When authentication is necessary for remote access, whether dial-up, Web
or wireless, logon security must be matched to the requirements of the
application and the availability of protocols. A range of authentication
protocols is available for remote access, including anonymous, basic (passwords
in the clear), integrated (LM variants or Kerberos), PAP, CHAP, MS-CHAP,
MS-CHAPv2 and EAP (variants of which include PEAP and smart cards). Default
settings are usually the least secure and vary depending on whether access
is dial-up, WAN or wireless. Your ability to implement security depends
on the client types that need access, and the capabilities of the hardware
and server software. While anonymous access may be desirable for public
Web sites, in general you’ll want to configure at least MS-CHAPv2 and
wherever possible use EAP to provide better protection. In addition to
the normal issues of LAN-based authentication, remote access increases
risk because communications will take place over un-trusted networks.
Use the highest level of authentication security possible and supplement
that by protecting communications.
In Windows 2003 and Win2K environments, use remote access policies to
further manage and secure remote access. Where appropriate, use Internet
Authentication Services (IAS) to centralize authentication. Remote access
policies can be used to granularize the remote access process over groups
of users, time of day, communication protocols and so on. Remember, wherever
access channels are restricted, the ability of an attacker to compromise
information systems by attacking account passwords or using already compromised
passwords to obtain access is limited. Using such chokepoints, or narrowed
communications channels, is a well-known security principle.
Protect Authentication Communications
Because captured credentials are vulnerable to password-cracking
attacks, protect communications. If credentials are protected by encryption
and other techniques, an attacker won’t be able to use simple credential-capturing
techniques to obtain passwords passed in clear text, or those that can
then be used by password cracking programs. Possible methods for communication
protection are readily available and include:
- VPNs
- SSL
- IPSec policies
- SMB signing
Where NTLM may be used, set the minimum-security negotiation level by
setting the NtlmMinServerSec value. This Registry value can be set to
require message integrity, confidentiality, session security and/or 128-bit
encryption. The value is at:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\LSA\MSV1_0
Protect Password Databases
On all NT 4.0 systems and all post-NT 4.0 systems based on NT 4.0 technologies
except DCs, the SAM database includes user account information, including
password hashes. It’s imperative to protect these files. Don’t weaken
the permission settings on these Registry files or the Registry permissions.
When a backup of the Registry is made, protect that backup. Also, inspect
the repair directory and protect it, as well.
When backups are made using some programs, a copy of the SAM file is
saved to the repair directory. Unlike the SAM file, the copy in the repair
directory can be copied from the hard drive when the system is running.
More than one known remote attack, if successful, obtains access to the
server and TFTPs (Trivial File Transfer Protocol) the file to another
server. Protect systems from these types of attacks: Patch vulnerabilities
that can lead to system compromise; don’t install TFTP; maintain permissions
on the repair folder; and, where possible, remove the SAM file copy from
the repair folder. Note that some attacks will install their own TFTP
program on the compromised server, so not installing the server’s TFTP
program is little more than a speed bump. If the machine is owned, it’s
game over. However, putting up roadblocks might just provide the time
necessary to detect the attack underway and shut it down before the SAM
file is exploited. Other tips:
- Windows 2003 and Win2K DCs keep the password database in the Active
Directory file ndis.dit. This file can’t be copied while the system
is active.
- Protect backups. Backups may contain copies of the SAM or ndis.dit
file. Don’t leave them unprotected and monitor their access.
- Physically protect computers. If the system can be physically accessed,
an attacker might be able to reboot it into another OS. This would allow
the attacker to copy the database file and remove it for attack elsewhere
or to run an attack locally.
- Limit, vet, audit the assignment and use of administrative-level
accounts. Have a strong administration policy that includes a firm definition
of who may obtain administrator group membership; require protection
of administrative workstations; require strong, complex passwords above
and beyond the technical password policy; and require administrator
accountability. Numerous administration tools, such as Winternals
ERD Commander and various iterations of pwdump can be used to obtain
a copy of the password database from servers, workstations and DCs.
If an attacker can obtain administrative access, these tools can be
used to obtain the database. Remember, most password cracking tools
rely on the availability of password hashes—if they can’t obtain the
hashes, they can’t crack the passwords. To help keep the databases safe,
guard administrative accounts. After all, if an attacker can obtain
administrative access, he or she may not need to crack other passwords
to obtain whatever it is he or she desires.
Implement a Strong Password Policy
Organizational policy may determine the domain password policy. You may
need to work with appropriate committees and individuals to enable a stronger
password policy. Long passwords—those that use 15 characters or more—automatically
require NTLM. Be aware, however, that newer Rainbow Crack tools provide
tables that include NTLM hashes and unless LM hashes are eliminated from
the database, those hashes can be used to crack the password. (Still,
these tables don’t provide a result for every possible NTLM password length
and character set.)
Also remember that the longer the password, the harder it is to crack,
and the harder it is for users to remember. And as you know, password
length isn’t the only thing that can make passwords more difficult to
crack. Using less common characters can also make the cracking job more
difficult. Some Rainbow Crack tables don’t include variations using spaces,
while others stop with the more common character set:
Listing 1. The common character
set used by some Rainbow Crack tables.
|
ABCDEFGHIJKLMNOPQRSTUVWXYZ
abcdefghijklmnopqrstuvwxyz
0123456789!@#$%^&*()-
+= |
|
|
Using passwords that include other characters may foil them.
Obtain Current Password-Cracking Software
One of the best investments a security team can make is in a password
cracker. As more companies turn to smart cards and biometrics, it may
be that the lowly password’s days are numbered. However, it’ll still be
awhile before the use of passwords to secure access to data systems entirely
disappears. On some networks, that time frame may be infinity.
Obtaining a copy of password-cracking tools allows for preparing a proper
defense against them. First, shake up your complacent attitude and that
of your peers. It isn’t as difficult, nor as time-consuming, to crack
passwords today as it was a few short months ago. Without knowledge of
the latest techniques, you can’t hope to protect authentication. Next,
knowing how they work, combined with your knowledge of Windows authentication,
helps you to mitigate their impact. I’ve provided some proper techniques
here, but a thousand eyes are more valuable than two. Finally, you can
use these tools to audit compliance to your current password policy.
For many years now, LC5 and its predecessors have been the crown prince
of Windows password-cracking programs. They crack both simple and complex
passwords using a combination of techniques, including dictionary, heuristic
and brute-force attacks. LC5 also provides Rainbow Crack tables. You can
purchase a copy of LC5 directly from @stake www.atstake.com.
If you wish to test rainbow crack tables directly, without purchasing
LC5, there are many ways to test the technique. Please be aware, however,
that current publicly available projects have limitations. Some work only
on LM hashes (and one famous one doesn’t account for the use of the space
character), others include tables for NTLM, but not NTLM hashes. In some
cases, the code and information on how to produce your own variation of
the program is also available.
Provide User Awareness Training
Technology alone will never be enough to protect information systems.
Hardening wetware—the people portion of any information system—is necessary,
as well. Users can’t be required to understand on their own the importance
of following the password policy, nor merely expected to comply to some
issued edict. But if you can obtain user buy-in to security policy, it’ll
reduce the effort required to ensure compliance.
One way to accomplish buy-in is by providing user awareness training.
Part of that training can be reading and promoting an understanding of
the security policy; other efforts can be directed toward teaching the
how-tos of creating strong passwords and demonstrations of how password-cracking
programs work. When people see how easily weak passwords are cracked,
it reinforces their commitment to using stronger ones. Awareness training
can also teach how to resist social engineering.
What To Do if You do Get Hacked
When all is said and done, you’re still vulnerable to password-cracking
attacks, accidental exposure, and social engineering. In short, some day
you may be hacked. If you have strong intrusion detection capabilities
and maintain strong incident response capabilities, you can minimize the
impact of such a compromise. When an attack is discovered, the ability
to rapidly disable sensitive administrative accounts, change others immediately,
institute password changes by every user on your system, and discover
and close the hole that allowed access can limit the impact a successful
intruder may have.