Thread: Security Encryption for usernames, hashes and Samba transfers

  1. #1
    Join Date
    Dec 2007

    Security Encryption for usernames, hashes and Samba transfers

    I just recently became fully aware of how easy it is to get the password hashes from a Samba server or a domain controller. Breaking them is basically effortless with rainbow tables. I guess this can only be done with administrative privileges, but these can be gained easily through a 1.7m iso file that resets all NT admin passwords. So it is easy to elevate privileges and get passwords.

    Now, I want to know if there is a way around this or a way to secure this. Can the username and password hash be sniffed from the network when a user requests a file or logs onto a Samba server? When does the network transfer the username and hash? Can this be secured by encrypting all network traffic somehow? I would think this may be possible through something like SSH from machine to machine. So does that make the Samba method overtly insecure?

    Would encrypting the files that store the hashes make the system more secure? Is this even possible? Would encrypting the entire samba server OS be the key?

    Help me out here. I'm a little fuzzy on the details but I have spotted the security risks and want to learn how to implement better security measures with samba.

    Also, how can someone grab Windows passwords off hashes from a Windows machine, via the network? I think this is how my friend got ALL the usernames and passwords for his whole company and got his sysadmin in trouble for a lack of security.

    If you can answer any questions here, I'd love it, or can you point me to a good guide for this?

  2. #2
    Join Date
    Jun 2006
    Kubuntu Jaunty Jackalope (testing)

    Re: Security Encryption for usernames, hashes and Samba transfers

    How do you get them from a Samba server or domain controller?

  3. #3
    Join Date
    Dec 2006

    Re: Security Encryption for usernames, hashes and Samba transfers

    I'm not sure how easy it would be to retrieve password hashes from sniffed traffic. If you have an NT or NTLM hash, you can crack it easily. This means on a Windows machine, you can crack passwords for local accounts (not domain users).

    I think there is a way to crack passwords for domain users who have their profiles cached on the client if you have admin privileges on the client.

    If you have root privileges on the samba server, you can easily retrieve the hashes.
    sudo pdbedit -L -w
    If samba can see the hashes, so can root. You can encrypt /var/lib/samba, but this would only protect you from someone with physical access, and would require you to enter a password after a reboot.

    Maybe your friend retrieved passwords by sniffing unencrypted web or e-mail authentication? If anyone knows about sniffing passwords from samba's authentication, I would like to hear it.
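
Added example, not part of any post in this thread: a defender-side audit of the smbpasswd-style listing that `pdbedit -L -w` (post #3) prints, reporting account hygiene without echoing any hash. It goes slightly beyond the thread by also checking the LM hash field, the older and weaker hash that Samba can store next to the NT hash; the sample lines, the `audit` function name and the 365-day threshold are assumptions made for illustration.

```python
import re
import sys
import time

# Constructed sample in the smbpasswd format that `pdbedit -L -w` prints.
# The hex strings are made-up placeholders, not real hashes.
SAMPLE = """\
alice:1000:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:0123456789ABCDEF0123456789ABCDEF:[U          ]:LCT-49E4B2A0:
bob:1001:FEDCBA9876543210FEDCBA9876543210:0123456789ABCDEF0123456789ABCDEF:[U          ]:LCT-3E2F1A00:
guest:1002:NO PASSWORDXXXXXXXXXXXXXXXXXXXXX:NO PASSWORDXXXXXXXXXXXXXXXXXXXXX:[NU         ]:LCT-00000000:
"""

HEX32 = re.compile(r"[0-9A-Fa-f]{32}")
LCT = re.compile(r"LCT-([0-9A-Fa-f]{8})")  # last change time, hex Unix seconds


def audit(text, now, max_age_days=365):
    """Map each account to a list of findings; hash values are never echoed."""
    report = {}
    for line in text.splitlines():
        fields = line.split(":")
        if line.startswith("#") or len(fields) < 6:
            continue  # comment or malformed line
        user, _uid, lm, nt, flags, lct = fields[:6]
        findings = report.setdefault(user, [])
        if "N" in flags.strip("[] ") or nt.startswith("NO PASSWORD"):
            findings.append("no password set")
            continue
        if HEX32.fullmatch(lm):
            # An all-X LM field means no LM hash is kept for the account.
            findings.append("LM hash stored")
        m = LCT.fullmatch(lct)
        if m and now - int(m.group(1), 16) > max_age_days * 86400:
            findings.append(f"password older than {max_age_days} days")
        if "D" in flags:
            findings.append("account disabled")
    return report


if __name__ == "__main__":
    # Pipe real output in (sudo pdbedit -L -w | python3 this_file.py),
    # or run with no pipe to see the constructed sample.
    data = SAMPLE if sys.stdin.isatty() else sys.stdin.read()
    for user, findings in audit(data, int(time.time())).items():
        print(f"{user}: {', '.join(findings) or 'ok'}")
```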

  4. #4
    Join Date
    Dec 2006
    Ubuntu 8.04 Hardy Heron

    Re: Security Encryption for usernames, hashes and Samba transfers

    Samba over SSH is possible, but I honestly haven't tried it just yet. Here are some articles I found very quickly:

    Hope that helps!

