Hello, I would recommend to read a Robert Hensing article. Why you shouldn't be using passwords of any kind on your Windows networks . . . http://blogs.msdn.com/robert_hensing/archive/2004/07/28/199610.aspx And, I don't recommend to rely on NoLMHash. http://www.securityfriday.com/Topics/winxp1.html Kind regards, Urity RainbowCrack with a SMB server throwing a fixed challenge: // for rainbowcrack-1.2-src-algorithmpatch // Ophcrack? for your homework. // for HashRoutine.h // LM authentication void HashNetLM(unsigned char* pPlain, int nPlainLen, unsigned char* pHash); // NTLMv1 authentication void HashNetNTLM(unsigned char* pPlain, int nPlainLen, unsigned char* pHash); // for HashRoutine.cpp // LM authentication AddHashRoutine("netlm", HashNetLM, 24); // NTLMv1 authentication AddHashRoutine("netntlm", HashNetNTLM, 24); // for HashAlgorithm.cpp // LM authentication void HashNetLM(unsigned char* pPlain, int nPlainLen, unsigned char* pHash) { int i; for (i = nPlainLen; i < 14; i++) pPlain[i] = 0; static unsigned char magic[] = {0x4B, 0x47, 0x53, 0x21, 0x40, 0x23, 0x24, 0x25}; static unsigned char chllng[8] = {0}; // the fixed challenge of SMBRelay des_key_schedule ks; unsigned char lm[21]; setup_des_key(pPlain, ks); des_ecb_encrypt((des_cblock*)magic, (des_cblock*)lm, ks, DES_ENCRYPT); setup_des_key(&pPlain[7], ks); des_ecb_encrypt((des_cblock*)magic, (des_cblock*)&lm[8], ks, DES_ENCRYPT); setup_des_key(lm, ks); des_ecb_encrypt((des_cblock*)chllng, (des_cblock*)pHash, ks, DES_ENCRYPT); setup_des_key(&lm[7], ks); des_ecb_encrypt((des_cblock*)chllng, (des_cblock*)&pHash[8], ks, DES_ENCRYPT); if (nPlainLen < 8) { pHash[16] = 0x57; pHash[17] = 0xE9; pHash[18] = 0xA1; pHash[19] = 0xB7; pHash[20] = 0x95; pHash[21] = 0x40; pHash[22] = 0xC3; pHash[23] = 0x74; } else { lm[16] = lm[17] = lm[18] = lm[19] = lm[20] = 0; setup_des_key(&lm[14], ks); des_ecb_encrypt((des_cblock*)chllng, (des_cblock*)&pHash[16], ks, DES_ENCRYPT); } } // NTLMv1 authentication void HashNetNTLM(unsigned char* pPlain, int nPlainLen, unsigned char* pHash) { unsigned char UnicodePlain[MAX_PLAIN_LEN]; int len = (nPlainLen < 127) ? nPlainLen : 127; int i; for (i = 0; i < len; i++) { UnicodePlain[i * 2] = pPlain[i]; UnicodePlain[i * 2 + 1] = 0x00; } static unsigned char chllng[8] = {0}; // the fixed challenge of SMBRelay des_key_schedule ks; unsigned char lm[21]; MD4(UnicodePlain, len * 2, lm); lm[16] = lm[17] = lm[18] = lm[19] = lm[20] = 0; setup_des_key(lm, ks); des_ecb_encrypt((des_cblock*)chllng, (des_cblock*)pHash, ks, DES_ENCRYPT); setup_des_key(&lm[7], ks); des_ecb_encrypt((des_cblock*)chllng, (des_cblock*)&pHash[8], ks, DES_ENCRYPT); setup_des_key(&lm[14], ks); des_ecb_encrypt((des_cblock*)chllng, (des_cblock*)&pHash[16], ks, DES_ENCRYPT); }
