Test Domains and the Lanman Hash


I had an interesting thought this week. "Did we disable lanman hash storage on the test domains?" This is an important consideration. We use software to synchronize passwords from the production domain to the test domain for people in the I.T. department and HR. That would expose production passwords.

I looked at the primary test domain and found that we had indeed disabled the lanman hash.

On the other test domain, I found that we hadn't disabled the lanman hash storage. I was able to use my rainbow tables and in a couple of hours I had 100 percent of the passwords. About 40 of those passwords were synched over from the production domain, so I was able to obtain the production password for the lead SA, my manager and the director.

So, the lesson learned here is to apply your hardening guide on your test domains.
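As an added example (not part of the original post), one way to verify the hardening actually took hold is to audit an authorized hash export from the test domain and list the accounts that still carry an LM hash, then cross-reference them with the accounts that receive synchronized production passwords. The pwdump-style input format, the sample accounts, the hash values and the function names are all assumptions constructed for illustration.

```python
import re

# LM hash of an empty password; export tools commonly show it when no LM hash is stored.
EMPTY_LM = "aad3b435b51404eeaad3b435b51404ee"
HEX32 = re.compile(r"^[0-9a-fA-F]{32}$")

# Constructed sample in pwdump format (user:rid:lm:nt:::). All hash values are made up.
SAMPLE_TEST_DOMAIN = """\
svc_build:1105:aad3b435b51404eeaad3b435b51404ee:11111111111111111111111111111111:::
jdoe:1106:0123456789abcdef0123456789abcdef:22222222222222222222222222222222:::
asmith:1107:NO PASSWORD*********************:33333333333333333333333333333333:::
mlee:1108:FEDCBA9876543210FEDCBA9876543210:44444444444444444444444444444444:::
this line is malformed
"""

def accounts_with_lm_hash(dump_text):
    """Return (stored, skipped): users that still have an LM hash, and unparsable line numbers."""
    stored, skipped = [], []
    for lineno, line in enumerate(dump_text.splitlines(), 1):
        line = line.strip()
        if not line:
            continue
        fields = line.split(":")
        if len(fields) < 4 or not fields[1].isdigit():
            skipped.append(lineno)  # report rather than silently ignore
            continue
        user, lm = fields[0], fields[2]
        # A field that is not 32 hex digits (e.g. a "NO PASSWORD" placeholder)
        # or that equals the empty-password constant means no LM hash is stored.
        if HEX32.match(lm) and lm.lower() != EMPTY_LM:
            stored.append(user)
    return stored, skipped

def synced_accounts_exposed(dump_text, synced_users):
    """Users that store an LM hash and also receive passwords synced from production."""
    stored, _ = accounts_with_lm_hash(dump_text)
    wanted = {u.lower() for u in synced_users}
    return [u for u in stored if u.lower() in wanted]

if __name__ == "__main__":
    stored, skipped = accounts_with_lm_hash(SAMPLE_TEST_DOMAIN)
    print("LM hash still stored:", stored)
    print("Synced from production and exposed:",
          synced_accounts_exposed(SAMPLE_TEST_DOMAIN, ["jdoe", "asmith"]))
    print("Unparsed lines:", skipped)
```

Disabling LM hash storage only takes effect the next time each password is changed, so an audit like this can still list accounts after the policy is applied; those accounts need a password change before the stored LM hash is removed.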


About this Entry

This page contains a single entry by Roger published on May 22, 2007 2:35 PM.
