In cryptanalysis and computer security, pass the hash is a hacking technique that allows an attacker to authenticate to a remote server or service by using the underlying NTLM and/or LanMan hash of a user's password, instead of requiring the associated plaintext password as is normally the case.

After an attacker obtains a valid user name and the hash values of that user's password (by whatever methods and tools), they can use that information to authenticate to a remote server or service using LM or NTLM authentication, without needing to brute-force the hashes to obtain the cleartext password (as was required before this technique was published). The attack exploits an implementation weakness in the authentication protocol: the password hashes are not salted, and therefore remain static from session to session until the password is next changed.

This technique can be performed against any server or service accepting LM or NTLM authentication, whether it is running on a machine with Windows, Unix, or any other operating system.

==Description==

On systems or services using NTLM authentication, users' passwords are never sent in cleartext over the wire. Instead, they are provided to the requesting system, such as a domain controller, as a hash in a response to a challenge-response authentication scheme. Native Windows applications ask users for the cleartext password, then call APIs like LsaLogonUser that convert that password to one or two hash values (the LM and/or NT hashes) and then send that to the remote server during NTLM authentication. (Note that Windows may use Kerberos authentication by default.) Analysis of this mechanism has shown that the cleartext password is not required to complete network authentication successfully; only the hashes are needed.
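The dependence on the hash alone can be seen in the NTLMv2 response computation published in Microsoft's MS-NLMP specification. The following is an added example, not part of the original article: it models the client and server sides with a constructed NT hash, a constructed account name and domain, and a placeholder client blob, and its function names are hypothetical.

```python
import hashlib
import hmac

# Constructed sample values (assumptions, not taken from the page).
STORED_NT_HASH = bytes.fromhex("00112233445566778899aabbccddeeff")
USER, DOMAIN = "alice", "EXAMPLE"


def response_key(nt_hash: bytes, user: str, domain: str) -> bytes:
    """NTLMv2 response key: HMAC-MD5 keyed by the NT hash over the identity.

    The only secret input is the hash; there is no per-session salt.
    """
    identity = (user.upper() + domain).encode("utf-16-le")
    return hmac.new(nt_hash, identity, hashlib.md5).digest()


def nt_proof(nt_hash: bytes, user: str, domain: str,
             server_challenge: bytes, client_blob: bytes) -> bytes:
    """Client side: proof over the server challenge and the client blob."""
    key = response_key(nt_hash, user, domain)
    return hmac.new(key, server_challenge + client_blob, hashlib.md5).digest()


def server_verify(stored_nt_hash: bytes, user: str, domain: str,
                  server_challenge: bytes, client_blob: bytes,
                  proof: bytes) -> bool:
    """Server side: recompute the proof from the stored hash and compare."""
    expected = nt_proof(stored_nt_hash, user, domain,
                        server_challenge, client_blob)
    return hmac.compare_digest(expected, proof)


def two_sessions() -> dict:
    """Run two sessions with different challenges against the same account."""
    blob = b"\x01" * 16  # constructed placeholder for the client blob
    c1, c2 = bytes(range(8)), bytes(range(8, 16))
    p1 = nt_proof(STORED_NT_HASH, USER, DOMAIN, c1, blob)
    p2 = nt_proof(STORED_NT_HASH, USER, DOMAIN, c2, blob)
    return {
        "session1_accepted": server_verify(STORED_NT_HASH, USER, DOMAIN, c1, blob, p1),
        "session2_accepted": server_verify(STORED_NT_HASH, USER, DOMAIN, c2, blob, p2),
        "proofs_differ": p1 != p2,  # the challenge changes the wire value
        "replay_rejected": not server_verify(STORED_NT_HASH, USER, DOMAIN, c2, blob, p1),
        "wrong_hash_rejected": not server_verify(bytes(16), USER, DOMAIN, c1, blob, p1),
    }


if __name__ == "__main__":
    print(two_sessions())
```

No function here takes the cleartext password as input, and the key returned by `response_key` is identical in every session until the stored hash changes. This is why stored or cached NT hashes need the same protection as the passwords themselves.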
If an attacker has the hashes of a user's password, they do not need to brute-force the cleartext password; they can simply use the hash of an arbitrary user account that they have harvested and execute a side channel attack to authenticate against a remote system and impersonate that user. In other words, from an attacker's perspective, hashes are functionally equivalent to the original passwords that they were generated from.

Excerpt source: Wikipedia, the free encyclopedia.