On Nov 2, 2014, at 4:30 PM, Philip Guenther <[email protected]> wrote:
> On Sun, Nov 2, 2014 at 4:05 PM, Nex6|Bill <[email protected]> wrote:
>> I know that pass the hash is now getting a lot of playtime on Windows, and
>> I have heard in a couple of talks
>> that it's directly related to the SSO part of the OS, and may be part of POSIX?
>
> Nope. It's just a bad (as in, completely broken) design for the NTLM
> and LanMan authentication protocols.

So, any machine/OS that's authenticating to a PtH-vulnerable protocol, namely LanMan/NTLM, would be vulnerable to this no matter the OS. What about Kerberos? (Windows K5 vs Unix K5?)

>> is OpenBSD, or BSD in general, vulnerable to these style attacks?
>
> The vulnerability is the authentication protocol/method, independent
> of the operating system.
> If you used NTLM or LanMan password authentication on OpenBSD, you
> would be vulnerable.
> You would also have to be insane.
>
>> or just the normal unix dump the password /etc/passwd table for offline attacks sorts of
>> stuff?
>
> For the authentication methods in base, correct.

So, for OpenBSD you would have to get the /etc/passwd for an offline attack on the password hashes, and for that they would need a user account to log on to the system, or to have compromised the system in such a way that they could copy /etc/passwd. Other types of attacks would be brute force against SSHD sorts of stuff, which could be detected and mitigated.

> Philip Guenther

