• FAQs
• Articles
• Tutorials
• Web Tools
• Reference
• Blog
• Proxy
• Software
• Cell Phones

• Microsoft Windows FAQs
• How do I add a user to Windows?
• How do I use the Windows XP Recovery Console?
• What is the Blue Screen of Death?
• How do I recover a boot record in XP?
• What are the DOS Commands?
• How do I disable Windows Messenger?
• How do I uninstall Windows Messenger?
• How do I map a network drive?
• What is Windows Media Center?
• What is Active X?
• What is an Active X control?
• What is DirectX?
• What is the DirectX SDK?
• How do I install DirectX?
• How do I uninstall DirectX?
• What is the .NET framework?
• What is Windows Mobile?
• What is remote desktop?
• How do I Setup a Remote Desktop web connection?
• What is Windows Remote Access?
• What is Connection Manager?
• What are desktop themes?
• What is Tweak UI?
• How do I read Windows log files?
• How do I clean the registry?
• What is a free registry cleaner?
• What are Windows Registry hacks?
• What is HyperTerminal?
• What is Windows Genuine Advantage?
• How do I remove WGA?
• What is a Windows Protection Error?
• What is the "0x800a0007 Windows Update Error?"
• What is the "0x800a138f Windows Update Error?"
• What is 15-80070057?
• What is error 1603?
• What is error 678?
• What is error 734?
• What is error 721?
• What is error 1706?
• What is error 1721?
• What is error 1933?
• What is "Data Error Cyclic Redundancy Check"?
• What is "Error Loading Operating System"?
• What is "Error Number: 0x800CCC0E"?
• What is msdtc.exe?
• How do I save streaming audio Windows media?
• What are the Windows Vista requirements?
• What are Microsoft Product Keys?
• How do I use the Windows Vista Activation Wizard?
• How does Microsoft Office 2003 Activation work?
• How do I convert PowerPoint to DVD?
• What does "Failed To Access Windows Installer Components" mean?
• How does Windows file swapping work?
• How do I change Windows swap file settings?
• How do I change my Windows password?
• How do I change the XP admin password?
• How do I recover a lost Windows password?
• How can I recover a lost Windows NT Administrator password?
• How do I audit Windows NT passwords?
• How does the Microsoft Windows 3.1 password encryption work?
• How do I access the Windows NT/2000/XP password file?
• How do I monitor Windows Server 2003?
• How does Internet Authentication Service work?
• What are shared folder permissions?
• How do I configure NTFS quotas?
• What happens to NTFS permissions when you copy or move files?
• What is DFS?
• What are NetBIOS names?
• What is a NetBIOS node type?
• What is WINS?
• How does WINS replication work?
• How do I backup and restore a WINS database?
• What is Active Directory?
• How do I maintain Active Directory?
• How do I backup Active Directory?
• How do I delegate Administrator privileges in Active Directory?
• What is Active Directory replication?
• What are Active Directory groups?
• What is group policy?
• What are a tree and forest?
• What are operations masters?
• What are directory partitions?
• What is a global catalog?
• What is the global catalog in Active Directory?
• What is the logical structure of an Active Directory?
• What is the physical structure of an Active Directory?
• What is replication toplogy?
• What are Active Directory organizational units?
• What are Active Directory authentication types?
• How do I Create a Drive Image?
• What does "Device Driver has corrupted the executive memory pool" mean?
• What is an I/O Device Error?
• How does Vista activation work?
• What is wmiprrvse.exe?
• How do I Register a DLL?
• How do I View Registered DLLs?
• How do I auto-hide the taskbar using the registry?
• How do I check my Hard Drive Capacity in Windows XP?
• How do I Enable the Windows Vista Administrator Account?
• How do I install a CoDec in Windows XP?
• How do I install a screensaver in Vista?
• How do I limit Internet Access in Windows XP user accounts?
• How do I Partition Drives in Vista?
• How do I Remove the Concurrent Connections Limit in Windows XP?
• How do I Save Desktop Icons in Windows XP?
• How do I Turn off My Computer in Vista?
• How do I turn the screensaver off in Windows XP?
• How do I uninstall Windows OneCare in Vista?
• How does Sharing Files in Vista work?
• How do I remove all personal files from Windows?
• How do I verify a Windows CD is legal?
• How do I find the Windows Version on a PC?
• How do I find my Windows XP Product Key?
• How do I check Hard Drive capacity in Windows?
• How do I print the Windows Task Manager?
• How do I share a printer?
• How do I change the font color in Windows Explorer?
• How do I set a Static IP Address in Windows?
• How do I open TCP Ports in Windows?
• How do I erase a Hard Drive in Windows?
• What is dllhost.exe?
• What is spooldr.sys?
• How do I uninstall Vista?
• How do I Remove IPv6 in Vista?
• How do I speed up Vista?
• How do I Remove the Administrative Mode in Vista?
• How do I change Vista icons?
• How do I undelete in Windows?
• How do I replace Vista with XP?
• What is NTLDR?
• What does "NLDR is Missing" mean?
• How do I scan disk?
• Where is Scan Disk in Win XP?
• How do I use Quick Launch in Windows Vista?
• How do I Change the Taskbar Color?
• How do I Change the Taskbar Font?
• How do I Delete Search History?
• How do I increase virtual memory?
• What is the Windows Taskbar?
• What is ctfmon?
• What is svchost?
• What is csrss?
• What is alg?
• What is Microsoft Windows?
• What is hpboid.exe?
• What is ReadyBoost?
• How do you install fonts?
• Why is my computer so slow?
• Why is sndvol32.exe essential in a PC?
• Main Menu
• » Networking
• » Physical Layer
• » Data Link Layer
• » Network Layer
• » Network Security
• » Wireless Networks
• » VoIP
• » Telephony
• » Mobile Telephony
• » Electronics
• » Radio
• » Television
• » Cryptology
• » Passwords
• » Smart Cards
• » Privacy
• » Malware
• » Vulnerabilities
• » Unix
• » Macintosh
• » Microsoft Windows
• » The Web
• » Web Publishing
• » E-mail
• » Instant Messaging
• » Databases
• » Computer Hardware
• » CPU's
• » Memory
• » Storage
• » Video
• » Audio
• » Multimedia
• » Satellite
• » Java
• » IT Management
• » Science
• » Miscellaneous

How do I Audit Windows NT/2000/XP Passwords?

Microsoft Windows NT/2000/XP passwords are encrypted as 32-bit one-way hashes using the MD4 messages digest algorithm. This is similar to the way that Unix stores passwords, although the hashing algorithm is a different one.

For compatibility with legacy Microsoft LAN Manager software, Windows NT/2000/XP also stores the passwords redundantly as a 56-bit DES (Data Encryption Standard) hash. This 56-bit hash is created by splitting the password into two 7-character uppercase strings, and then converting each to a 56-bit DES key which both then encrypt the string "KGS!@#$%" and concatenating the results. This hash is usually referred to as the NTLM hash. This algorithm is extremely poorly designed and impacts Windows network security in a significantly negative manner.

Windows NT/2000/XP passwords are vulnerable to a dictionary attack. This is much the same as attacking Unix passwords using a wordlist.

In addition, NTLM passwords are vulnerable to a brute force attack. This means that every password on the system can be retrieved.

Windows NT/2000/XP Password Auditing Programs

The best password auditing programs for Windows NT/2000/XP passwords are currently:

OpenWall's John the Ripper with Olle Segerdahl's NTLM patch:

John the Ripper is a fast password auditor, currently available for many flavors of Unix (11 are officially supported, not counting different architectures), DOS, Win32, BeOS, and OpenVMS. Its primary purpose is to detect weak Unix passwords. Besides several crypt(3) password hash types most commonly found on various Unix flavors, supported out of the box are Kerberos AFS and Windows NT/2000/XP LM hashes, plus several more with contributed patches.

Cain & Abel:

Cain & Abel is a password recovery tool for Microsoft Operating Systems. It allows easy recovery of various kind of passwords by sniffing the network, auditing encrypted passwords using Dictionary, Brute-Force and Cryptanalysis attacks, decoding scrambled passwords, revealing password boxes, uncovering cached passwords and analyzing routing protocols.

Purchase these excellent books on Windows security at Amazon.com

Bookmark How do I Audit Windows NT/2000/XP Passwords? Latest Blog Posts Windows 7 Forum Boston College: Ability to Use a Command Line is a Sign of Criminal Activity Google Hacked? Recycle your old phone – Make some money, and save the environment too! SourceForge vs. Freshmeat Fastest Web Browser: Google Chrome New Webmaster Forum Ubuntu Security Tools Terrorists Go Hi-Tech How to Dry a Cell Phone That's Come in Contact with Water English German Spanish French Italian Portuguese Russian Dutch Greek Hindi Japanese Korean Chinese Chinese (Simplified) Arabic Copyright 2009 Tech-FAQ. All rights reserved. Privacy Policy.