OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
From: Osborne-1, Brett (Brett.Osborne-1KSC.NASA.GOV)
Date: Mon Feb 05 2001 - 13:20:00 CST

  • Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

    SYSKEY has 3 modes (per Q143475, et. al.: "autoboot", "floppyboot", and
    "password boot"). And the results you've captured are hashed with One-Way
    Functions. Decryption should be unpracticable.

    B*U*T assume that a system admin using SYSKEY would use "password" mode and
    create a 14-character password. The result would be a keyspace of about 80+
    bits. That is more than a dozen times stronger than 56-bit encryption. Do
    the math. And that is just regarding cracking password. With the added need
    (at least, great benefit) to also gaining encryption keys, the use of SYSKEY
    should make cracking impracticable.

    See microsoft's tomes, as well as Trusted System' (trustedsystems.com)
    papers on NT Security.

    Brett Osborne
    CLCS Network Security Engineer
    "Whenever you eliminate the impossible, whatever remains, however
    improbable, must be the truth." Sherlock Holmes

    -----Original Message-----
    From: John Bumgarner [mailto:JBumgarnerMATRIXNETWORKING.NET]
    Sent: Thursday, February 01, 2001 3:59 PM
    To: PEN-TESTSECURITYFOCUS.COM
    Subject: [PEN-TEST] Security ????

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    To the list,

    Does anyone know of an application that can be used to audit MS
    Outlook Web Access? I have all the account names gathered through
    known web holes and the SAM file, but it is encrypted with SYSKEY,
    which is the next question.

    Does anyone know how to unencrypted a SAM file that has been
    encrypted with SYSKEY?

    Please respond to me with any questions or comments.

    Sincerely,

    John Bumgarner
    Matrix Networking Group, LLC
    11440 Carmel Commons Blvd.
    Suite 110
    Charlotte, NC 28226
    * Voice: (704) 405-3717
    * Fax: (704) 405-2662
    * mailto:jbumgarnermatrixnetworking.net
    <mailto:jbumgarnermatrixnetworking.net>
           www.matrixnetworking.net

    -----BEGIN PGP SIGNATURE-----
    Version: PGPfreeware 6.5.8 for non-commercial use < http://www.pgp.com
    <http://www.pgp.com> >

    iQA/AwUBOnnOIzI5K0kmDqujEQLI2wCgpPvOiBXmyqDyCbLweb4Y6LqqxSIAoOn5
    Sw39BNYL1QcrZsKHFxgIPN8K
    =Vir2
    -----END PGP SIGNATURE-----