Posts

Cracking OS X Lion Passwords

UPDATE [2011-10-15]: The issues described in this post have now been resolved by Apple. Users running OS X Lion 10.7.2 or security update 2011-006 are no longer affected by the vulnerabilities detailed below (CVE-2011-3435 and CVE-2011-3436). For further details on this security update please see Apple's advisory.

In 2009 I posted an article on Cracking Mac OS X passwords. Whilst this post has been quite popular, it was written for OS X 10.6 and prior. Since the release of Mac OS X Lion (10.7) in July, I have received numerous requests for an update. Typically, I would have just updated the existing article without the need for a new post. However, during my research I discovered something interesting about OS X Lion that I'd like to share. In previous versions of OS X (10.6, 10.5, 10.4) the process to extract user password hashes has been the same: obtain the user's GeneratedUID and then use that ID to extract hashes from a specific user's shadow file (See my pr...

Attacking LM/NTLMv1 Challenge/Response Authentication

In Part 1 of the “LM/NTLMv1 Challenge/Response Authentication” series I discussed how both the LANMAN/NTLMv1 protocols operate and the weaknesses that plague these protocols. In this post I will demonstrate how attackers leverage these weaknesses to exploit the LANMAN/NTLMv1 protocols in order to compromise user credentials. For the remainder of this article I will be focusing on attacking the SMB protocol (Windows file sharing) as this is where LANMAN/NTLMv1 is most commonly used.

Capturing the Response

In order to capture a client’s LANMAN/NTLMv1 response, attackers will often utilise one of two methods:

1. Force the client host to connect to them
2. Conduct a man-in-the-middle (MITM) attack and “sniff” the client’s response

To demonstrate these methods, I will be using the Metasploit Framework or Cain and Abel respectively.

Metasploit

In order for a client host to connect to us, we first need to create a listening SMB service that will accept incoming connections. Fo...

LM/NTLMv1 Challenge/Response Authentication Explained

The Microsoft Windows platform uses a myriad of protocols to authenticate users across a network. Two such protocols widely in use today are the LANMAN challenge/response and NTLMv1 protocols. Whilst newer, more secure protocols (such as NTLMv2) are ready to take their place, LANMAN challenge/response and NTLMv1 are still widely deployed today for reasons of interoperability. As with most things Microsoft-related, ubiquity often equates to exploitability. In this two part series I will discuss how the LANMAN challenge/response and NTLMv1 protocols operate, how malicious users can take advantage of their shortcomings, and best practice recommendations for securely deploying these protocols. Microsoft Windows supports two primary algorithms for locally authenticating users. These algorithms generate what’s known as an “LM Hash” or an “NT Hash”. Enabled by default in Windows NT, 2000, XP, and Server 2003, the LM Hash has become synonymous with bad hashing practices over the years...

Attacking and Securing PEAP

Protected Extensible Authentication Protocol (PEAP) is often regarded as a secure 802.11 wireless authentication protocol. Whilst PEAP has the ability to become a secure protocol, it is certainly not without its deficiencies. I thought I would take this opportunity to provide everyone with an overview of the PEAP protocol by examining what it is, how it works, where its shortcomings lie, and how to secure it. Before we dive into the security concerns surrounding PEAP it is important to know that there are currently three versions of the PEAP standard. The version I will be referencing throughout the remainder of this post will be PEAPv0, the most common deployment of the PEAP standard. PEAP is a widely deployed Extensible Authentication Protocol (EAP) type used to securely authenticate users against 802.11 wireless networks. Developed by Microsoft, Cisco and RSA, PEAP has been made popular through its continued support by the Microsoft Windows platform. PEAP has the ability to su...

Password Wordlists and Dictionaries

Password wordlists and dictionaries are an essential resource for any password auditing exercise. I thought I would take this opportunity to consolidate a list of wordlists/dictionaries for ease of access. Please feel free to post any resources I have omitted in the comments below. I will periodically update this post with any new resources I come across.

http://ftp.sunet.se/pub/security/too...all/wordlists/
http://www.skullsecurity.org/wiki/index.php/Passwords
ftp://ftp.ox.ac.uk/pub/wordlists/
http://gdataonline.com/downloads/GDict/
ftp://ftp.openwall.com/pub/wordlists/
ftp://ftp.cerias.purdue.edu/pub/dict/
http://www.indianz.ch/tools/doc/wordlist.zip
http://www.outpost9.com/files/WordLists.html
ftp://ftp.openwall.com/pub/wordlists/passwords/
https://www.securinfos.info/wordlists_dictionnaires.php
ftp://ftp.ox.ac.uk/pub/wordlists/
http://www.lostpassword.com/f/wl/bigdict.zip
http://www.lostpassword.com/f/wl/French.zip
http://www.lostpassword.com/f/wl/Spanish...

Is WPA Secure? - Part 1

Recently I have noticed quite a bit of conjecture surrounding the Wi-Fi Protected Access (WPA) protocol and its use. With media hysteria now promoting WPA as no longer secure, wireless security has, unfortunately, become another great unknown to many people. In this three-part series I would like to delve into the WPA protocol, provide a background on its history and how it works, and assess whether WPA is indeed insecure. By the end of this series I will have provided a foundation which will hopefully help answer two of the most common questions surrounding the wireless-security space: “Is WPA secure?” and “Should I be using WPA?”. To lay the groundwork for understanding the insecurities of the WPA protocol, Part 1 of this series will provide a brief background on 802.11 security. Designed as a basic security measure to secure 802.11 wireless networks, Wired Equivalent Privacy (WEP) was implemented to provide simple confidentiality to wireless networks. Soon after its inception, weakne...

Cracking Mac OS X Passwords

In this post I will demonstrate how to both extract and crack Mac OS X passwords. The OS X variants that this tutorial is aimed at are 10.4 (Tiger), 10.5 (Leopard) and 10.6 (Snow Leopard). Whilst Mac OS X is based on a Unix variant (BSD), there are several key differences between traditional Unix-based and Mac OS systems when it comes to password storage. Let's take a quick look at some of the differences. If you have ever poked around on an OS X system, you may have noticed the absence of the /etc/shadow file. Whilst traditional Unix and BSD variants store their password hashes in /etc/shadow and /etc/master.passwd respectively, Mac OS X does not. Since the release of OS X 10.3 in 2003, Macintosh products have stored their shadow files in the /var/db/shadow/hash/ directory. Another key difference is the way in which the two systems store their hashes. On a Unix-based system, every hash associated with the system is stored in the /etc/shadow file. This differs from OS X whereby each ...