«Windows IT Pro» , 07, 2003 1106

Windows

, , . Windows ...

— ! — . — ... ...

— , , , ? — . — , - .
. (. )

, , . Windows , , . .

, , , . , , IP- , . . , Windows : Lan Manager, NT Lan Manager, NT Lan Manager version 2 Kerberos version 5.

LM

Lan Manager (LM), Microsoft IBM, Windows NT Windows 95 Lan Manager. . , LM . @stake LC 4 ( L0phtCrack, http://www.atstake.com/research/lc/). NT — Web-, LM (http://lasecpc13.epfl.ch/ntcrack, http://www.antsight.com/zsl/rainbowcrack/).

, Active Directory. «» Windows 9x , .

LM , , . , . . NTLMv2. Windows 9x Active Directory Services (ADSC) (http://www.microsoft.com/windows2000/adclients). Windows NT 4.0 NTLMv2 (Service Pack 4). Windows NT 4.0, Active Directory, ADSC, NTLMv2. ADSC Windows NT 4.0 Microsoft. Windows 9x - Windows 2000 Clients.

ADSC — , . , . , , 1. Netlogon ( w2ksrv06) dsclients, w9x nt4. ADSC Windows 9x NT 4.0 . , ADSC. ADSC Windows NT 4.0.

1.
Active Directory ds.bat
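@echo off
rem %OS% is empty on Windows 9x
if "%OS%"=="" GoTo :W9x
:NT
rem %CommonProgramFiles% is defined on Windows 2000 and later: nothing to do
if not "%CommonProgramFiles%"=="" GoTo :Eof
rem ADSC is already installed
if exist %windir%\system32\ActiveDS.dll GoTo :Eof
net use z: /delete /yes
net use z: \\w2ksrv06\netlogon /yes
z:
rem installation on NT 4.0 needs membership in the local Administrators group
ifmember Administrators
if not errorlevel 1 (notepad.exe notadmin.txt & goTo :Eof)
notepad.exe z:\dsinst.txt
regedit -s z:\nt4.reg
cd dsclients\nt4
setup /Q
GoTo :Eof
:W9X
rem ADSC is already installed
if exist %windir%\system\ActiveDS.dll GoTo :Eof
net use z: \\w2ksrv06\netlogon /yes
regedit -s z:\win98.reg
z:
cd dsclients\w9x
setup /Q
notepad.exe z:\dsinst.txt
:Eof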

. . Windows 9x %OS% , , W9X. , ADSC. , %windir%systemActiveDS.dll. , . Z , , win98.reg , .

, ( ADSC ). dsinst.txt, , , , . .

%OS% , %CommonProgramFiles%. Windows 2000, ADSC Windows NT 4.0.

ADSC Windows NT 4.0 , . , , Administrators ( NT «»). ifmember Resource Kit, Microsoft (http://www.microsoft.com/windows2000/techinfo/reskit/tools/new/ifmember-o.asp). , 1,16 M, 115 . Netlogon .

, notadmin.txt, . , , . , :

net localgroup Administrators %username% /delete

, LM NTLMv2, , win98.reg nt.reg (. 2).

2. NTLMv2 Windows 9x/NT 4.0

(win98.reg)
REGEDIT4
[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\LSA]
"LMCompatibility"=dword:00000003
(nt.reg)
REGEDIT4
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"LMCompatibilityLevel"=dword:00000003
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0]
"NtlmMinServerSec"=dword:00080000
"NtlmMinClientSec"=dword:00080000

Windows 98 HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\LSA\LMCompatibility, Windows NT 4.0 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\LMCompatibilityLevel. , NT 4.0 NTLM. Microsoft Q147706, Q239869.

LM Windows 2000

LM Windows 2000 . Computer Configuration — Windows Settings — Security Settings — Local Policies — Security Options — LAN Manager Authentication Level (Send NTLMv2 Response Only). LM.

, LM . OU Domain Controllers LAN Manager Authentication Level (Send NTLMv2 response only\refuse LM). , , NTLM, , , ADSC NTLM . , , LM, ds.bat . Windows 98/NT 4.0 , .

LM , LM, . , Windows 98, LMCompatibility 0, . , LM- (, LM-, ) , . .

, Windows 9x PWL, , . , , Q137826, HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Network\DisablePwdCaching 1.

LM (. Q299656). Windows 2000 SP2 , HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\NoLMHash . LM . , (. « », Windows & .NET Magazine, 1 2003 ) Microsoft 214752. %windir%\inf\Sceregvl.inf :

— [Register Registry Values]

MACHINE\System\CurrentControlSet\Control\Lsa\NoLMHash,4,%NoLMHash%,0

— [Strings]

NoLMHash = "Network security: Do not store LAN Manager hash value on next password change"

regsvr32 scecli.dll .

NTLMv2. NTLMv2, Windows 9x+ADSC/NT SP4/2000/XP/2003, 9x/NT. - , , , 4 . (16- Athlon 1,4 ), 21 (http://www.blackhat.com/presentations/win-usa-02/urity-winsec02.ppt).

. LocalSystem , . , , SQL, , . , , , , . , , , .

, (. 3)

( ) , . ( — services.txt). , , . , . , sqlsrv1 sqlsrv2 Dom, SQL Server SqlSrv, Cluster0 Cluster1.

Domsqlsrv1
SqlSrvMSSQLSERVER
Domsqlsrv2
Cluster0MSSQLSERVER
Cluster1MSSQLSERVER

, , . (SQL Server, Internet Information Server, Exchange Server) , . , , SQL Server, SQL Server Authentication, ( UNICODE XOR 0xA5). IIS Basic , usa-ascii BASE64. , «» SMTP, BASIC, . , , , , IIS SMTP, .

(NTLM), SSL.

, NTLM . , Web- IIS + SQL , IIS NTLM, SQL SQL Server Authentication , (. Q248187). , .

Kerberos

Kerberos. , , ( , IIS), . , IIS Kerberos ( IIS 5.0 Internet Explorer 5.0 ) , IIS, . Microsoft Q319723. , IIS NTLM (NTAuthenticationProviders = Negotiate), Kerberos (, , IP-, FQDN) Internet Explorer NTLMv2. , Q215383 adsutil.vbs. a :

cscript adsutil.vbs set w3svc/NTAuthenticationProviders Negotiate,NTLM

Windows Server 2003 . , , . , , Kerberos. Kerberos Windows Server 2003 «Windows .NET Server Kerberos» (Windows & .NET Magazine, 2003, 2).

, Kerberos v 5, Windows 2000/XP/2003, , Lan Manager, . , . , AS-, , . , , Kerberos . , , - (a-z, A-Z, 0-9), 100 , Pentium IV 1,5 247 . Pentium IV 1,5 6,4 (http://www.brd.ie/papers/w2kkrb/feasibility_of_w2k_kerberos_attack.htm). , .

, : A-Z, a-z, 0-9, ~-+ () ALT-. ALT- ALT . ALT- Windows 2000 Security Hardening Guide (http://www.microsoft.com/technet/security/prodtech/Windows/Win2kHG/03OSInstl.asp).

:

  • ;
  • .

, . , . .

Active Directory , . , Computer Configuration — Windows Settings — Security Settings — Account Policies — Password Policy, , , , . . « » (Windows & .NET Magazine/RE 3, 2003), Microsoft Q151082.

. , . :

  • ;
  • (, . .);
  • ;
  • , . .

, , , , «» , Cain & Abel (http://www.oxid.it/). , .

. , , , — , , .

, , . — (Smart Card). , , , , .

— , MCSE. : Gordey@infosec.ru.



27/12/2011 1
