Secondly, and more importantly, the algorithm pads the password to 14 characters, and then splits it into two 7 character strings, which are hashed separately (using DES). Firstly, it is case insensitive, with all letters being converted to uppercase, which greatly reduces the possible keyspace. The LM hashing algorithm is very old, and is considered very insecure for a number of reasons. Windows stores passwords using two different hashing algorithms – LM (Lan Manager) and NTLM (NT Lan Manager). If you’re not interested in the background, feel free to skip this section. Hash Typesįirst a quick introduction about how Windows stores passwords in the NTDS.dit (or local SAM) files.
Now we need to crack the hashes to get the clear-text passwords. In part 1 we looked how to dump the password hashes from a Domain Controller using NtdsAudit.
