
I'm new to Windows security, and I'm trying to understand the basics of pass-the-hash attacks. As I understand it:

  • NTLM = NT Hash = Password storage format
  • NTLMv1 = Net-NTLMv1 = Challenge/response authentication protocol
  • NTLMv2 = Net-NTLMv2 = Also a challenge/response authentication protocol

Sources I've found that explain the pass-the-hash attacks seem to be saying that "it affects NTLM".

What does "It affects both versions (NTLMv1 and NTLMv2)" mean? Does it affect the NT Hash independently of the authentication protocol used?

Sources

As my understanding of this increases, I think I was misled by the name "Pass-the-hash" (please tell me if I'm wrong): in fact, the NT hash is never passed (i.e. sent directly) to the server, it is instead consumed client-side while crafting the response to the challenge submitted by the server.

So (again, please tell me if I'm wrong):

  • If I compromise the NT Hash (= MD4(Unicode(password))), I can authenticate with both NTLMv1 and NTLMv2 (assuming I know the username and the user's domain), as it seems to be the only secret used here
  • If I compromise the NTLMv1 hash, which is derived from the NT Hash in order to create the 3x7-byte DES keys, I can then solve the server's challenge and authenticate
  • If I compromise the NTLMv2 hash, which seems to be built as NTLMv2 Hash = HMAC-MD5(NT Hash, USERNAME, DOMAIN), then as with NTLMv1, I can still use it to authenticate, as there is no locking mechanism (timestamp, server/client ID, ...)

Hence, what's the point of compromising NTLMv1 or NTLMv2 hashes if it means that we are also able to compromise the NT Hash?


1 Answer


Yes, Pass-the-Hash (PtH) attacks are possible against both NTLM v1 and NTLM v2.

As you correctly point out, an attacker who has managed to compromise the password hash of a user can calculate the keys for the responses and successfully authenticate without knowing the original password. Note, however, that only NTLM v2 uses MD4; in NTLM v1, the hash is DES-based (see the description by Microsoft). It's correct that the hash itself is never sent to the server.

In the case of NTLM v2, it doesn't matter whether an attacker obtains MD4(password) or the derived HMAC key HMAC_MD5(MD4(password), username + domain). Both enable a PtH attack, so the attacker will take whatever is easier to get. The same applies to NTLM v1.
