A CALL TO ACTION
Windows laggards still using the vulnerable hashing function: Your days are numbered.
Credit: Getty Images
Security firm Mandiant has released a database that allows any administrative password protected by Microsoft’s NTLM.v1 hash algorithm to be hacked in an attempt to nudge users who continue using the deprecated function despite known weaknesses.
The database comes in the form of a rainbow table, which is a precomputed table of hash values linked to their corresponding plaintext. These generic tables, which work against multiple hashing schemes, allow hackers to take over accounts by quickly mapping a stolen hash to its password counterpart. NTLMv1 rainbow tables are particularly easy to construct because of NTLMv…
A CALL TO ACTION
Windows laggards still using the vulnerable hashing function: Your days are numbered.
Credit: Getty Images
Security firm Mandiant has released a database that allows any administrative password protected by Microsoft’s NTLM.v1 hash algorithm to be hacked in an attempt to nudge users who continue using the deprecated function despite known weaknesses.
The database comes in the form of a rainbow table, which is a precomputed table of hash values linked to their corresponding plaintext. These generic tables, which work against multiple hashing schemes, allow hackers to take over accounts by quickly mapping a stolen hash to its password counterpart. NTLMv1 rainbow tables are particularly easy to construct because of NTLMv1’s limited keyspace, meaning the relatively small number of possible passwords the hashing function allows for. NTLMv1 rainbow tables have existed for two decades but typically require large amounts of resources to make any use of them.
New ammo for security pros
On Thursday, Mandiant said it had released an NTLMv1 rainbow table that will allow defenders and researchers (and, of course, malicious hackers, too) to recover passwords in under 12 hours using consumer hardware costing less than $600 USD. The table is hosted in the Google cloud. The database works against Net-NTLMv1 passwords, which are used in network authentication for accessing resources such as SMB network sharing.
Despite its long- and well-known susceptibility to easy cracking, NTLMv1 remains in use in some of the world’s more sensitive networks. One reason for the lack of action is that utilities and organizations in industries including health care and industrial control often rely on legacy apps that are incompatible with more recently released hashing algorithms. Another reason is that organizations relying on mission-critical systems can’t afford the downtime required to migrate. Of course, inertia and penny-pinching are also causes.
“By releasing these tables, Mandiant aims to lower the barrier for security professionals to demonstrate the insecurity of Net-NTLMv1,” Mandiant said. “While tools to exploit this protocol have existed for years, they often required uploading sensitive data to third-party services or expensive hardware to brute-force keys.”
Microsoft released NTLMv1 in the 1980s with the release of OS/2. In 1999, cryptanalyst Bruce Schneier and Mudge published research that exposed key weaknesses in the NTLMv1 underpinnings. At the 2012 Defcon 20 conference, researchers released a tool set that allowed attackers to move from untrusted network guest to admin in 60 seconds, by attacking the underlying weakness. With the 1998 release of Windows NT SP4 in 1998, Microsoft introduced NTLMv2, which fixed the weakness.
Organizations that rely on Windows networking aren’t the only laggards. Microsoft only announced plans to deprecate NTLMv1 last August.
Despite the public awareness that NTLMv1 is weak, “Mandiant consultants continue to identify its use in active environments,” the company said. “This legacy protocol leaves organizations vulnerable to trivial credential theft, yet it remains prevalent due to inertia and a lack of demonstrated immediate risk.”
The table first assists attackers in providing the proper answer to a challenge that Windows sends during the authentication process by using a known plaintext attack with the challenge 1122334455667788. Once the challenge has been solved, the attacker obtains the Net-NTLMv1 hash and uses the table to rapidly crack it. Typically tools including Responder, PetitPotam, and DFSCoerce are involved.
In a thread on Mastodon, researchers and admins applauded the move, because they said it would give them added ammunition when trying to convince decision makers to make the investments to move off the insecure function.
“I’ve had more than one instance in my (admittedly short) infosec career where I’ve had to prove the weakness of a system and it usually involves me dropping a sheet of paper on their desk with their password on it the next morning,” one person said. “These rainbow tables aren’t going to mean much for attackers as they’ve likely already got them or have far better methods, but where it will help is in making the argument that NTLMv1 is unsafe.”
The Mandiant post provides basic steps required to move off of NTLMv1. It links to more detailed instructions.
“Organizations should immediately disable the use of Net-NTLMv1,” Mandiant said. Organizations that get hacked because they failed to heed will have only themselves to blame.
Dan Goodin is Senior Security Editor at Ars Technica, where he oversees coverage of malware, computer espionage, botnets, hardware hacking, encryption, and passwords. In his spare time, he enjoys gardening, cooking, and following the independent music scene. Dan is based in San Francisco. Follow him at here on Mastodon and here on Bluesky. Contact him on Signal at DanArs.82.