From: Evans, TJ (tjevans kpmg.com)
Date: Thu Nov 15 2001 - 11:41:59 CST
But, if I recall properly - doesn't that lead to problems when you cannot
contact your DC / AD?
<i.e. - unable to "work offline"?>
Thanks!
TJ
-----Original Message-----
From: Sean Waddell [mailto:swaddell espgroup.net]
Sent: Thursday, November 15, 2001 10:42 AM
To: Dimitri Limanovski
Cc: 'focus-ms securityfocus.com'
Subject: Re: Cached Network Password
There is a registry edit that you can make to prevent pwd's from being
cached.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"CachedLogonsCount"="0"
This should be part of your hardening process.
--
Sean Waddell
Network Engineer
The ESP Group

Dimitri Limanovski wrote:
>
> If I'm not mistaken, by default WindowsNT/2000 will remember (cache) user
> credentials, both local and network, unless defined otherwise via domain
> security policy or by hand in the registry.
> Now, where does OS keep this "cached" password? To test I first logged to
> the network using one of the test machines. I then disconnected from the
> network and logged using the same network credentials while actually
> "offline". No problems there. (BTW, network password is remembered because
> you'll get an error when trying to use anything else). I then used pwdump2
> and extracted password hashes. I then tried to L0phtCrack it but was only
> presented with the list of local users and their corresponding passwords.
> Now, what happened to "cached" network username/password? Where does Windows
> keep this information and is it possible to extract them?
> Thanks in advance,
>
> Dimitri
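An audit of the setting discussed in this thread, as an added example that is not part of either post: it reads CachedLogonsCount and reports the trade-off raised above (no cached logons means no offline domain logon). The function name Get-CachedLogonsAudit is hypothetical, and treating an absent value as "caching still enabled" is an assumption.

```powershell
# Added example (not from the thread): report how CachedLogonsCount is set locally.
# Get-CachedLogonsAudit is a hypothetical helper name.
function Get-CachedLogonsAudit {
    param(
        [string]$Path = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon',
        [string]$Name = 'CachedLogonsCount'
    )

    # The value is stored as a string, so read it raw and parse it ourselves.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    $raw  = if ($item) { [string]$item.$Name } else { $null }

    $count = 0
    if ($null -eq $raw) {
        # Assumption: with no value present the OS falls back to its default and still caches.
        $finding = 'Value absent: assume the Windows default applies and logons are cached'
    }
    elseif (-not [int]::TryParse($raw, [ref]$count)) {
        $finding = "Value '$raw' is not a number: review by hand"
    }
    elseif ($count -eq 0) {
        $finding = 'Caching disabled: domain logon fails when no DC is reachable (no offline logon)'
    }
    else {
        $finding = "Up to $count domain logons cached: offline logon works, a verifier for each is stored locally"
    }

    # One object per machine so results can be collected and compared across hosts.
    [pscustomobject]@{
        Computer = $env:COMPUTERNAME
        RawValue = $raw
        Finding  = $finding
    }
}

Get-CachedLogonsAudit | Format-List
```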