Windows XP no longer secure?

Jodell88

Diamond Member
Jan 29, 2007
8,762
30
91
Scary, but impressive. I really should start using something like KeePassX to generate 25 character passwords or something.
 

Zeze

Lifer
Mar 4, 2011
11,395
1,189
126
I'm familiar with the topic, but how does brute forcing work?

Yes, you can brute force the password of a local zip file with unlimited tries and no timeouts. But when does that ever happen? Most secure online interfaces have an attempt limit (3 to 5) and a timeout limit.

Do hackers also infiltrate through a different UI?
 

lxskllr

No Lifer
Nov 30, 2004
60,036
10,526
126
I'm familiar with the topic, but how does brute forcing work?

Yes, you can brute force the password of a local zip file with unlimited tries and no timeouts. But when does that ever happen? Most secure online interfaces have an attempt limit (3 to 5) and a timeout limit.

Do hackers also infiltrate through a different UI?

You get the hashes through a data breach, and crack them offline.
 

Acanthus

Lifer
Aug 28, 2001
19,915
2
76
ostif.org
I'm familiar with the topic, but how does brute forcing work?

Yes, you can brute force the password of a local zip file with unlimited tries and no timeouts. But when does that ever happen? Most secure online interfaces have an attempt limit (3 to 5) and a timeout limit.

Do hackers also infiltrate through a different UI?

Passwords are brute forced locally. It is not the same as just trying to log in over and over.
 

lxskllr

No Lifer
Nov 30, 2004
60,036
10,526
126
I see. Then how do you breach them to begin with, if the breaching password has the same password strength?

Lots of ways. You can exploit servers to bypass credentials for whole databases, or you can exploit people through social engineering.
 

Zeze

Lifer
Mar 4, 2011
11,395
1,189
126
Lots of ways. You can exploit servers to bypass credentials for whole databases, or you can exploit people through social engineering.

Ah thank you. Right, there can be so many ways, even through stupidity of people.
 

lxskllr

No Lifer
Nov 30, 2004
60,036
10,526
126
Non-story imo. LM and NTLM have been broken for years.

I think the method is more interesting than the details. GPUs are pretty cheap, and a setup like this would be very approachable for organized crime.
 

darkewaffle

Diamond Member
Oct 7, 2005
8,152
1
81
While I agree with that... this takes it from difficult but attainable to completely trivial.

For one guy or one group. Actually, from the sound of the article he harvested some pretty unknown tech ("Virtual Open Cluster") and had to actually work directly with the developer of it to make it compatible with the cracking program and GPUs he was using. The article makes no mention of whether or not the changes made are private or publicly available, though.

Point being, cracking of this caliber could already be achieved simply by throwing enough hardware at it. This is more of a marker for efficiency and cost however, but is also (seemingly) a fairly proprietary solution. Not something you could just up and re-create easily.
 

rsutoratosu

Platinum Member
Feb 18, 2011
2,716
4
81
This is awesome. We used to do password audits using LC5, which is not being sold anymore and doesn't work for 2008, I think. We used to audit 2003 AD servers and find most passwords were Pass1word, Password1 - 9, qwert, qwerty, etc. To fully crack all the passwords on the domain took like 2 days; this will probably do it in like an hour.

Yeah, the key would be gaining physical access to get that password file offline and do your cracking.
 

Broheim

Diamond Member
Feb 17, 2011
4,587
3
81
Isn't a large portion of hacking done by social engineering?

The weakest link in the security chain is humans. We spend a great deal of effort at work educating our users about password etiquette and such, but I still have to deal with the security breaches caused by stupid users.
 

OVerLoRDI

Diamond Member
Jan 22, 2006
5,490
4
81
So this is what people are doing with all the Bitcoin GPUs now that their reward has halved and ASICs are coming online.
 

PingSpike

Lifer
Feb 25, 2004
21,758
603
126
I see. Then how do you breach them to begin with, if the breaching password has the same password strength?

A major loophole is that most people use the same user name and password for everything because there are 10,000 different sites you use that need logins. So if you break into the crappiest and largest available database, brute force it offline and then use the resulting passwords on other sites, you can indirectly brute force your way onto bank sites and the like without ever having directly compromised their site.

Sure, you won't have all the credentials because many people do have different user names and passwords... but you'll have a lot of them, I'd imagine.
 

Jeff7

Lifer
Jan 4, 2001
41,596
20
81
Lots of ways. You can exploit servers to bypass credentials for whole databases, or you can exploit people through social engineering.
- "I'm the IT guy here, there's some network maintenance issue going on. I need the server login so I can fix it."

"Really? I didn't get anything yet."

- "Oh yeah, well he just sent it, so maybe you didn't get it yet."

"Right, right, sometimes e-mails are a bit slow here. Ok, here you go. And here's the full admin-level pass too, just in case you need that."


And then you find that the passwords are stored on the server as plaintext on an unencrypted partition. Once you're past the perimeter defenses, there's absolutely nothing else in your way.
 

unokitty

Diamond Member
Jan 5, 2012
3,346
1
0
I see. Then how do you breach them to begin with, if the breaching password has the same password strength?


In order to compromise your security, the article in the OP requires that your XP machine's SAM database already be available. That is, your machine has to have already been compromised.

If you have physical access to the XP machine, it's not difficult to grab the SAM. Here is an old YouTube video that demonstrates that. There are other ways to obtain the SAM as well, though.

After obtaining the SAM file, you could use John the Ripper or a similar tool to crack the hashes. (Cracking the hash gives you the password.) Newer techniques such as using Rainbow Tables can reduce the cracking time as well.

The article the OP refers to is just another way to crack the hash.

If the intruder can't get your SAM file, they can't crack your hashes.

Uno
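An added example (not code from anyone in the thread) that ties together rsutoratosu's domain password audit, lxskllr's remark that unsalted LM/NTLM hashes have been broken for years, and unokitty's mention of rainbow tables. It contrasts an unsalted fast hash, where one precomputed table resolves every user with no login attempts and hence no lockout or timeout, against a per-user salted iterated KDF, where no shared table exists and each account costs a full pass over the wordlist. The wordlist, the accounts and the use of SHA-256 as a stand-in for NTLM are assumptions of the example, not details from the article.

```python
import hashlib
import os

# Constructed wordlist: the weak passwords the thread says domain audits turn up.
WORDLIST = ["Password1", "Pass1word", "qwert", "qwerty", "letmein"]

def fast_unsalted(password):
    """Stand-in for an unsalted single-pass hash such as NTLM (MD4 over the
    UTF-16LE password). SHA-256 is used only because it is always available;
    the weakness shown is the missing salt and the speed, not the algorithm."""
    return hashlib.sha256(password.encode("utf-16-le")).hexdigest()

def build_lookup_table(words):
    """Precompute hash -> password once. A rainbow table is a compressed form
    of this; with no salt, one table serves every user on every system."""
    return {fast_unsalted(w): w for w in words}

def audit_unsalted(stored, table):
    """Offline audit of unsalted hashes: each hit is a dictionary lookup and no
    login attempt is ever made, so attempt limits and timeouts never apply."""
    return {user: table[h] for user, h in stored.items() if h in table}

def slow_salted(password, salt, iterations):
    """Hardened form: per-user random salt plus an iterated KDF (PBKDF2)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)

def audit_salted(stored, words, iterations):
    """With salts there is no shared table: every user costs a fresh pass of
    the wordlist through the slow KDF. Returns (hits, number of KDF calls)."""
    found, calls = {}, 0
    for user, (salt, digest) in stored.items():
        for w in words:
            calls += 1
            if slow_salted(w, salt, iterations) == digest:
                found[user] = w
                break
    return found, calls

def demo(iterations=100_000):
    # Constructed accounts; "dana" uses a password outside the wordlist.
    accounts = {"alice": "Password1", "bob": "qwerty", "dana": "Tr0ub4dor&3!"}
    unsalted = {u: fast_unsalted(p) for u, p in accounts.items()}
    weak_hits = audit_unsalted(unsalted, build_lookup_table(WORDLIST))
    salted = {}
    for u, p in accounts.items():
        salt = os.urandom(16)  # fresh random salt per account
        salted[u] = (salt, slow_salted(p, salt, iterations))
    strong_hits, kdf_calls = audit_salted(salted, WORDLIST, iterations)
    return weak_hits, strong_hits, kdf_calls
```

Both audits recover the two weak passwords, so salting does not rescue a bad password; what it removes is the one-table-fits-all shortcut, and the iteration count turns each remaining guess into a deliberate cost.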
 

Red Squirrel

No Lifer
May 24, 2003
70,568
13,803
126
www.anyf.ca
To crack a password in Windows you don't even need to know the password... just overwrite it. There are Linux tools that will do this. Boot with a CD, and it lets you write a new password to the SAM, then you can login as administrator.
 

Jeffg010

Diamond Member
Feb 22, 2008
3,435
1
0
To crack a password in Windows you don't even need to know the password... just overwrite it. There are Linux tools that will do this. Boot with a CD, and it lets you write a new password to the SAM, then you can login as administrator.

You can also just delete that SAM file and it will just boot into the system with admin. We used to do this all the time on Windows 2000 when someone forgot their password and the admin password did not work.
 

PingSpike

Lifer
Feb 25, 2004
21,758
603
126
To be fair, if you have physical access to the PC the show is pretty much over unless there's some encryption going on. You can just toss a disk into another PC and take full access to the drive at that point.
 

Red Squirrel

No Lifer
May 24, 2003
70,568
13,803
126
www.anyf.ca
You can also just delete that SAM file and it will just boot into the system with admin. We used to do this all the time on Windows 2000 when someone forgot their password and the admin password did not work.

Ha, interesting, did not know this. But yeah, it does not really matter which OS it is: if you have physical access you can pretty much do anything, provided you have the right tools. Encryption will slow you down, but you can eventually get in with brute force and automated processes.