MS NT Security Hole

John Boyer (
Mon, 31 Mar 1997 14:50:29 -0600

Regarding the password crack for NT: I tried it and it works. I had to
write some code to get a bigger word list; the one that comes with the
ntcrack code is not very big.

The crack code can be found at:

And it's in the news now...
Monday March 31 12:30 PM EDT

Major Security Hole Discovered in Microsoft's Windows NT Operating System

CMP's EE Times Exclusive Report Details Microsoft's Latest Woe

MANHASSET, N.Y., March 31 /PRNewswire/ -- A major security flaw has been
uncovered in Microsoft Corp.'s flagship network operating system, Windows NT,
that could enable a user dialing in from a remote location to unscramble
encrypted information -- including a corporate network's entire registry of
user passwords -- and display it as plain text, according to an exclusive
report posted on EE Times Online (

The discovery is especially troublesome for the Redmond, Wash. software
giant because it has tried to position NT as a more secure network server
than alternatives such as Unix.

According to EE Times, a pair of professional security technologists wrote
the code for the "hack" that found the flaw. The code has been verified by
several experts and is making the rounds on the Internet via a mailing
list frequented by skilled hackers with an interest in NT-security issues.

The potentially password-cracking code is the third major security flaw
found in NT in as many months and follows recent revelations of security
holes in Microsoft's Internet Explorer Web browser. The software giant's
security technology has come under closer scrutiny by the hacking community
as NT and Internet Explorer have found broader market acceptance.

Mike Nash, Microsoft's Director of Marketing for NT Server, acknowledged
the security flaw to EE Times without elaborating on a possible fix.

"It's good that people are testing our products and the best thing we can
do is increase the awareness about security to our customers," he said.

Though presented in the mailing list as a "utility tool" for NT systems
administrators, the latest hack is capable of much more.

"It's a double-edged sword," said Jeremy Allison, principal author of the
hack's code. "This is a useful utility for migrating users to Unix systems from
Windows NT, but it can also enable people to see all the actual passwords,
which until now wasn't possible."

Microsoft's Nash admitted to some of that. "In this case, it is possible to
break into the system and decrypt passwords," he said. "But it requires
that you have administrative privilege."

Not so, according to Yobie Benjamin, Senior Consulting Architect for
Emerging Technologies at Cambridge Technology Partners and co-author of the
code. "All that's missing is intent. If somebody wanted to crack an NT
server today, for malicious purposes or financial gain, the pieces of the
puzzle are now all there."

"NT is not as safe as it had been, because of this hack," concluded Chris
Goggans, Senior Networking Security Engineer at Wheelgroup Inc.

EE Times, published by CMP Media Inc., covers the high tech OEM industry.
The well-respected weekly delivers news of both business and technology to
engineers and technical/corporate managers at electronics and computer
systems manufacturers in the United States.

CMP Media Inc. provides publishing, marketing and information services to
the broad high-technology spectrum -- the builders, sellers and users of
technology -- through print and electronic media. All of CMP's publications
and online products can be accessed through the company's TechWeb(R) site
on the World Wide Web ( Print titles include
Computer Reseller News, InformationWeek and WINDOWS Magazine. SOURCE CMP
Media Inc.

| John Boyer
| Creative Systems Inc. (CSI)
| 1508 Marks Drive
| Hartselle, AL 35640
| (205) 751-3075 (office)
| (205) 751-3077 (fax)
| (205) 233-7998 (home)
I don't want to make the wrong mistake......