Still Passing the Hash 15 Years Later? Using the Keys to the Kingdom to Access All your Data

Presented at Black Hat USA 2012, July 26, 2012, 10:15 a.m. (60 minutes)

Kerberos is the cornerstone of Windows domain authentication, but NTLM is still used to accomplish everyday tasks. These tasks include checking email, sharing files, browsing websites and are all accomplished through the use of a password hash. Skip and Chris will utilize several tools that have been ÒenhancedÓ to connect to Exchange, MSSQL, SharePoint and file servers using hashes instead of passwords. This demonstrates the "so what" of losing control of the domain hashes on your domain controller: all of your data can be compromised.

Presenters:

• Christopher Campbell
• Alva Duckwall

Links:

• https://www.blackhat.com/html/bh-us-12/bh-us-12-archives.html#Duckwall
• https://media.blackhat.com/bh-us-12/Briefings/Duckwall/BH_US_12_Duckwall_Campbell_Still_Passing_Slides.pdf
• https://media.blackhat.com/bh-us-12/Briefings/Duckwall/BH_US_12_Duckwall_Campbell_Still_Passing_WP.pdf
• https://media.blackhat.com/bh-us-12/Briefings/Duckwall/BH_US_12_Duckwall_Campbell_Still_Passing_Code.zip

Similar Presentations:

• May Contain Hackers (MCH2022) / Bring Your Own IDentity
• DerbyCon 2.0 Reunion (2012) / “Puff, Puff, Pass: Getting the Most Out of Your Hash” An Intro to Linux Post-Exploitation Fun With Windows Hashes
• ToorCamp 2014 / Dr. Microsoft, How I learned to stop worrying and love NTLM.