Notices by Lars Karlslund :verified: (lkarlslund@infosec.exchange)

  1. Lars Karlslund :verified: (lkarlslund@infosec.exchange)'s status on Wednesday, 13-Dec-2023 04:48:25 JST

    I've been tinkering with 8.7 billion passwords the last couple of weeks - and done lots of thinking, coding and debugging too. This resulted in a cool thing that I'm sharing today.

    Here's the technical background: On the Windows platform your stored passwords are hashed as NTLM, which is basically just a Microsoft way of saying "MD4 sum of the UTF16 encoded password". As this was invented more than 25 years ago, this algorithm is simple.

    Here's why this matters: When hackers break into your network, both configuration mistakes and weak passwords are in the very top of risks that enable a successful way for bad guys to get control over everything.

    This is how you can remedy this: When I do Active Directory assessments, some of the time I also do a password audit, to find accounts that use the same password or highly privileged accounts with way too simple passwords. And I don't really care about regular users, but the ones that impact security do matter.

    This is the challenge: To crack these passwords requires equipment and machine power, as going from an NTLM hash to a password is not something you can do by other means than throwing some GPU power after it. You simply try any password you can imagine, and compare it to the NTLM hash - it takes some time, and you don't get all passwords (complex ones survive these attacks).

    And here's my solution: There is a faster way - maybe not providing you with exactly the same results - but it trades some of the precision with less time and hardware required. Because NTLM hashing is "unsalted", it means that the password 123456 will have the exact same hash on any system you encounter in the world. So why not just look the most obvious ones up in a database?

    Now you can, because I coded up a specialized database, grabbed everything I could find from leaks, dictionaries and wordlists on the internet, and compiled it up for you.

    It's free to use, there is no sign up required - and you can look up 1 password every second (batch look up 1000 in a few seconds every 15 minutes if you're in a hurry). It's even easy to use from command line using curl or PowerShell if you're into that.

    Have fun, and I hope it can help make the world safer a little step at a time. If you like this, please re-share and spread the word (not the password!)

    https://ntlm.pw/

    In conversation Wednesday, 13-Dec-2023 04:48:25 JST from infosec.exchange permalink

    Attachments

    1. NTLM to plaintext password lookup (ntlm.pw)
      Instantly look up NTLM hashes and resolve them to plaintext passwords using our database with 8B+ entries.
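
The post above describes NT hashes as unsalted MD4 over the UTF-16 password, which is what makes a precomputed lookup useful in a password audit. The following is an added example, not code from the post or from ntlm.pw: it computes NT hashes with a pure-Python MD4 (RFC 1320), then flags audited accounts whose hash appears in a wordlist-derived table and accounts that share a hash. The account names, passwords and wordlist are constructed sample data.

```python
import struct
from collections import defaultdict

M = 0xFFFFFFFF
R3 = (0, 8, 4, 12, 2, 10, 6, 14, 1, 9, 5, 13, 3, 11, 7, 15)

def md4(data: bytes) -> bytes:
    """Pure-Python MD4 (RFC 1320); hashlib often lacks md4 on OpenSSL 3."""
    rol = lambda v, n: ((v << n) | (v >> (32 - n))) & M
    h = [0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476]
    msg = data + b"\x80" + b"\x00" * ((55 - len(data)) % 64)
    msg += struct.pack("<Q", len(data) * 8)
    for off in range(0, len(msg), 64):
        x = struct.unpack("<16I", msg[off:off + 64])
        a, b, c, d = h
        for i in range(48):
            r, j = divmod(i, 16)
            if r == 0:    # round 1: F, message words in order
                f, k, s = (b & c) | (~b & d), j, (3, 7, 11, 19)[j % 4]
            elif r == 1:  # round 2: G (majority), column order
                f = ((b & c) | (b & d) | (c & d)) + 0x5A827999
                k, s = (j % 4) * 4 + j // 4, (3, 5, 9, 13)[j % 4]
            else:         # round 3: H (xor), bit-reversed order
                f, k, s = (b ^ c ^ d) + 0x6ED9EBA1, R3[j], (3, 9, 11, 15)[j % 4]
            a, b, c, d = d, rol((a + f + x[k]) & M, s), b, c
        h = [(v + w) & M for v, w in zip(h, (a, b, c, d))]
    return struct.pack("<4I", *h)

def nt_hash(password: str) -> str:
    """NT hash as the post describes it: MD4 over the UTF-16LE password."""
    return md4(password.encode("utf-16-le")).hex()

def audit(accounts: dict, wordlist: list):
    """Return (weak, shared): wordlist hits, and groups of accounts with identical hashes."""
    table = {nt_hash(w): w for w in wordlist}   # unsalted, so precomputable once
    weak = {acct: table[h] for acct, h in accounts.items() if h in table}
    groups = defaultdict(list)
    for acct, h in accounts.items():
        groups[h].append(acct)
    shared = sorted(sorted(g) for g in groups.values() if len(g) > 1)
    return weak, shared

# Constructed sample data: account names and passwords are made up.
_PW = {"adm-alice": "123456", "adm-bob": "123456",
       "svc-backup": "password", "svc-sql": "c0rrect-Horse-battery-staple-91"}
SAMPLE = {acct: nt_hash(pw) for acct, pw in _PW.items()}
WORDLIST = ["123456", "password", "qwerty"]
```

`audit(SAMPLE, WORDLIST)` reports the three accounts with wordlist passwords and the one pair sharing a hash; the long passphrase is not in the table and is not flagged.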
  2. Lars Karlslund :verified: (lkarlslund@infosec.exchange)'s status on Tuesday, 28-Nov-2023 19:49:51 JST

    For Adalanche users:

    I'm very unsure whether adding every account in an AD to the "Authenticated Users" group was a good decision or not. It does show the massive impact this group has, but it also clutters large graphs.

    Any input?

    In conversation Tuesday, 28-Nov-2023 19:49:51 JST from infosec.exchange permalink

    Attachments


    1. https://media.infosec.exchange/infosec.exchange/media_attachments/files/111/487/711/194/468/855/original/3cc7035eb2e318bd.png
  3. Lars Karlslund :verified: (lkarlslund@infosec.exchange)'s status on Sunday, 09-Jul-2023 02:14:39 JST
    in reply to
    • Jake Hildreth (acorn) :blacker_heart_outline:

    @horse @ChrisTruncer yes, there's an option to do that in the LDAP library in my fork, not sure if they implemented that in the main one. In my commercial version I've implemented the Windows API, but unfortunately that's not open source

    In conversation Sunday, 09-Jul-2023 02:14:39 JST from infosec.exchange permalink
  4. Lars Karlslund :verified: (lkarlslund@infosec.exchange)'s status on Tuesday, 13-Jun-2023 01:45:11 JST
    in reply to
    • Patrick C Miller :donor:

    @patrickcmiller just like the rest of us

    In conversation Tuesday, 13-Jun-2023 01:45:11 JST from infosec.exchange permalink
  5. Lars Karlslund :verified: (lkarlslund@infosec.exchange)'s status on Sunday, 11-Jun-2023 08:46:30 JST

    My 2nd attempt at a parallel robotic gripper now features a pressure banana - how kinky is that

    In conversation Sunday, 11-Jun-2023 08:46:30 JST from infosec.exchange permalink

    Attachments


    1. https://media.infosec.exchange/infosecmediaeu/media_attachments/files/110/522/307/860/848/518/original/c831391dd8f2c39d.png
  6. Lars Karlslund :verified: (lkarlslund@infosec.exchange)'s status on Sunday, 11-Jun-2023 08:46:29 JST
    in reply to

    I really wish I knew what I was doing.

    Like all the time.

    In conversation Sunday, 11-Jun-2023 08:46:29 JST from infosec.exchange permalink
  7. Lars Karlslund :verified: (lkarlslund@infosec.exchange)'s status on Friday, 21-Apr-2023 18:43:33 JST

    "Do we have an adapter that changes the one that's missing one corner to the one that's missing two corners?"

    In conversation Friday, 21-Apr-2023 18:43:33 JST from infosec.exchange permalink
  8. Lars Karlslund :verified: (lkarlslund@infosec.exchange)'s status on Tuesday, 31-Jan-2023 23:03:42 JST

    A friend gave me a broken laptop, with no clear problem description. There was no charger, so after rummaging around in my stuff, I found an HP charger that should work. The laptop was fine, but even though it said "charging" and had an orange LED, the battery stayed at 0% ... Reinstalling, BIOS update etc. didn't help, and the only stuff on YouTube was garbage. So it's either the battery or the motherboard. Let's disassemble the battery!

    In conversation Tuesday, 31-Jan-2023 23:03:42 JST from infosec.exchange permalink

    Attachments


    1. https://media.infosec.exchange/infosecmedia/media_attachments/files/109/777/798/110/101/796/original/f3094320ac0652c5.jpg

    2. https://media.infosec.exchange/infosecmedia/media_attachments/files/109/777/812/083/477/965/original/0854e87e18092cc9.jpg
  9. Lars Karlslund :verified: (lkarlslund@infosec.exchange)'s status on Tuesday, 31-Jan-2023 23:03:40 JST
    in reply to

    So measuring voltage across the cells shows 0V output from the battery, and 1.2V across all cells (they should be around 12V to 16V). So the battery collapsed, it could still be the motherboard though. Anyway, I'm replacing the cells with some others I pulled from some laptops. After removing the old ones, I carefully weld new-old ones back.

    In conversation Tuesday, 31-Jan-2023 23:03:40 JST from infosec.exchange permalink

    Attachments


    1. https://media.infosec.exchange/infosecmedia/media_attachments/files/109/777/821/257/161/397/original/99c3c6627440785e.jpg

    2. https://media.infosec.exchange/infosecmedia/media_attachments/files/109/777/822/073/364/397/original/05fe1e32e1cd32f8.jpg
  10. Lars Karlslund :verified: (lkarlslund@infosec.exchange)'s status on Tuesday, 31-Jan-2023 23:03:39 JST
    in reply to

    This is my very much improvised battery welder. It's the transformer from a microwave, some heavy duty wire and a Sonoff wifi switch which I've programmed to switch on for 200ms and then off when I press the black button. Very ghetto, but it works really great.

    In conversation Tuesday, 31-Jan-2023 23:03:39 JST from infosec.exchange permalink

    Attachments


    1. https://media.infosec.exchange/infosecmedia/media_attachments/files/109/777/825/901/124/410/original/0eef0bec0ed2dd42.jpg

    2. https://media.infosec.exchange/infosecmedia/media_attachments/files/109/777/826/238/787/059/original/b9dcf2c59290eb81.jpg

    3. https://media.infosec.exchange/infosecmedia/media_attachments/files/109/777/826/425/671/773/original/f1a6d16f0b827cf4.jpg
  11. Lars Karlslund :verified: (lkarlslund@infosec.exchange)'s status on Tuesday, 31-Jan-2023 23:03:34 JST
    in reply to
    • verb (printfJess)

    @verb battery welder! It transforms the 230V AC down to 2V or so, just with a huge amount of amps. It welds nickel tabs to the end of batteries, mostly without the risk of dying while you use it. There are lots of instructions on how to build this on the internet.

    In conversation Tuesday, 31-Jan-2023 23:03:34 JST from infosec.exchange permalink
  12. Lars Karlslund :verified: (lkarlslund@infosec.exchange)'s status on Monday, 09-Jan-2023 03:32:27 JST

    OMG how have I been shaving all these years without this?

    In conversation Monday, 09-Jan-2023 03:32:27 JST from infosec.exchange permalink

    Attachments


    1. https://media.infosec.exchange/infosecmedia/media_attachments/files/109/654/991/997/820/066/original/115599a920f42ee2.png
  13. Lars Karlslund :verified: (lkarlslund@infosec.exchange)'s status on Tuesday, 13-Dec-2022 09:59:01 JST
    in reply to
    • Alyssa Miller :nyancat_rainbow: :donor:

    @alyssam_infosec this is a cat parent problem, not a cat problem :-)

    I can recommend screwing a hook into the ceiling, and wiring the tree to the hook. We have two cats, and no toppled trees ever. Super simple fix!

    In conversation Tuesday, 13-Dec-2022 09:59:01 JST from infosec.exchange permalink
  14. Lars Karlslund :verified: (lkarlslund@infosec.exchange)'s status on Wednesday, 30-Nov-2022 22:19:09 JST
    • Jake Hildreth (acorn) :blacker_heart_outline:

    Do you want to spend December getting familiar with a new programming language, but not sure where to start?

    Advent Of Code offers daily puzzles, which you can solve using any programming language.

    (Maybe that's how you'll become familiar with Go, @horse?)

    https://adventofcode.com/2022/

    In conversation Wednesday, 30-Nov-2022 22:19:09 JST from infosec.exchange permalink

    Attachments

    1. Advent of Code 2022
  15. Lars Karlslund :verified: (lkarlslund@infosec.exchange)'s status on Monday, 28-Nov-2022 19:41:28 JST

    Adalanche: Improved Domain Controller auto-detection and selection in Adalanche.

    You can now supply a list of servers on the command line, or Adalanche will detect them from DNS itself. Then it tries to connect to each of them in turn, until it finds a usable one.

    It doesn't honor the Sites & Services lookup yet, but this should work fine until then.

    It should probably handle different errors differently, i.e. login errors should just error out instantly. Feedback is welcome!

    #adalanche -> https://github.com/lkarlslund/Adalanche

    In conversation Monday, 28-Nov-2022 19:41:28 JST from infosec.exchange permalink

    Attachments


    1. https://media.infosec.exchange/infosecmedia/media_attachments/files/109/420/303/313/375/909/original/2d23ced0acbf137f.png
    2. GitHub - lkarlslund/Adalanche: Active Directory ACL Visualizer and Explorer - who's really Domain Admin? (Commercial versions available from NetSection)
  16. Lars Karlslund :verified: (lkarlslund@infosec.exchange)'s status on Monday, 14-Nov-2022 08:07:41 JST

    Twitter queen of graphql doesn't take any shit

    In conversation Monday, 14-Nov-2022 08:07:41 JST from infosec.exchange permalink

    Attachments


    1. https://media.infosec.exchange/infosecmedia/media_attachments/files/109/338/839/583/025/549/original/8415b54ba35b43db.png

    Lars Karlslund :verified:

    Curious security octopus | Active Directory Nerd | Adalanche AD Attack Graph Analyzer | Sarcasm level 10 | Fond of LEGO


GNU social JP is a social network, courtesy of the GNU social JP administrator. It runs on GNU social, version 2.0.2-dev, available under the GNU Affero General Public License.

All GNU social JP content and data are available under the Creative Commons Attribution 3.0 license.