
Thread: LM Hash different on WinXP and Win7

  1. #1
    Just burned his ISO
    Join Date
    Dec 2010
    Posts
    4

    Default LM Hash different on WinXP and Win7

    I noticed that the LM hash of the same password on WinXP is different than the one on Win 7. Using Metasploit (run hashdump) for example with the password "pass-w0rd", we got the following hashes:
    WinXP:
    a824903ef6ab871802657a8d8ef025e2:fac374e2461f3e432cd4c560dd183671

    On Win 7 systems, they are all different:
    ae6b29b9f354a26d6e29f53173b0c7a1:d4dd8cd6f14c445e0a16b3c08a2bf341
    or
    be7248be0caf22327a7798efba346fb7:1a9d81b177c19a2065eaee8cbe9689ce

    Anyone?

  2. #2
    Member
    Join Date
    Feb 2010
    Posts
    78

    Default Re: LM Hash different on WinXP and Win7

    A quick Google will answer this question. Also, this topic has nothing to do with BackTrack.
    Computer security is a temporary condition.

  3. #3
    Junior Member
    Join Date
    Jan 2010
    Posts
    35

    Default Re: LM Hash different on WinXP and Win7

    Did you ever find out the answer? This one sparked my curiosity and I sure couldn't find anything out by googling it. I don't have any Windows 7 systems, but it was my understanding that they still don't salt the hash, although LM is disabled by default. On my XP and Vista box the NT hashes match for the same password.

    Do you get the same result using pwdump?
    Last edited by Kx499; 01-27-2011 at 04:43 PM.

  4. #4
    Junior Member
    Join Date
    Aug 2010
    Posts
    34

    Default Re: LM Hash different on WinXP and Win7

    Windows Vista and up uses NTLM for hashing, which is much more secure.

    Windows XP and below uses LM hashing, which is very insecure.

  5. #5
    Super Moderator lupin's Avatar
    Join Date
    Jan 2010
    Posts
    2,943

    Default Re: LM Hash different on WinXP and Win7

    Quote Originally Posted by falseteeth View Post
    Windows Vista and up uses NTLM for hashing, which is much more secure.

    Windows XP and below uses LM hashing, which is very insecure.

    Actually, most versions of Windows since Windows NT have supported both hashing protocols, with passwords being stored in both formats. LM hashes have been disabled by default in Vista and above, so unless specifically enabled, passwords will not be stored in LM formats on these systems. There are also settings an admin can use to disable LM storage of passwords in a number of these older Windows systems.

    See here.
    Last edited by lupin; 01-28-2011 at 03:03 PM.
    Capitalisation is important. It's the difference between "Helping your brother Jack off a horse" and "Helping your brother jack off a horse".

    The Forum Rules, Forum FAQ and the BackTrack Wiki... learn them, love them, live them.

  6. #6
    Junior Member
    Join Date
    Jan 2010
    Posts
    35

    Default Re: LM Hash different on WinXP and Win7

    I didn't realize both hash types were used as far back as Windows NT... learn something new every day.

    Here's my .02 cents on it: Although the NT hash is a step in the right direction, I'd be hard pressed to call it secure until M$ decides to implement a salt. Until then I guess a long password is our best defence in the Windows world. I believe anything less than a length of 8 can be cracked pretty easily using rainbow tables right now.

    Anyways, I still wonder why the OP is getting different results with hashdump on the two boxes. I noticed a similar question on the Metasploit mailing list, makes me want to go grab a copy of 7 and try it out myself....
    Last edited by Kx499; 01-29-2011 at 04:10 AM.
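
Added example, not part of any post in this thread: a short Python audit of a pwdump-style dump that reports which accounts really have an LM hash stored (post #5) and which accounts share an NT hash because no salt is used (posts #3 and #6). The account names, the `audit` helper and the sample lines are constructed for illustration; only the first LM:NT pair is the WinXP value quoted in post #1.

```python
from collections import defaultdict

# Well-known constants: the LM and NT hashes of the empty string. Dump tools
# print the LM constant as filler when no LM hash is stored for an account.
EMPTY_LM = "aad3b435b51404eeaad3b435b51404ee"
EMPTY_NT = "31d6cfe0d16ae931b73c59d7e0c089c0"

# Constructed sample in pwdump layout (user:rid:lm:nt:::).
SAMPLE = """\
alice:1001:a824903ef6ab871802657a8d8ef025e2:fac374e2461f3e432cd4c560dd183671:::
bob:1002:aad3b435b51404eeaad3b435b51404ee:fac374e2461f3e432cd4c560dd183671:::
carol:1003:aad3b435b51404eeaad3b435b51404ee:0123456789abcdef0123456789abcdef:::
guest:501:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
"""

def parse(dump):
    """Return (user, lm, nt) tuples; lines with too few fields are skipped."""
    rows = []
    for line in dump.splitlines():
        parts = line.strip().split(":")
        if len(parts) < 4:
            continue
        user, _rid, lm, nt = parts[:4]
        rows.append((user, lm.lower(), nt.lower()))
    return rows

def lm_stored(lm):
    """True only if the LM field holds a real hash rather than filler."""
    # Assumption: some dump tools print a literal "NO PASSWORD" filler instead.
    return not (lm == EMPTY_LM or lm.startswith("no password"))

def audit(dump):
    rows = parse(dump)
    by_nt = defaultdict(list)
    for user, _lm, nt in rows:
        if nt != EMPTY_NT:
            by_nt[nt].append(user)
    return {
        # Accounts whose password is still kept in the weak LM format.
        "lm_stored": [u for u, lm, _ in rows if lm_stored(lm)],
        # Accounts with an empty password.
        "blank_password": [u for u, _, nt in rows if nt == EMPTY_NT],
        # Unsalted NT hashes: equal hash means equal password.
        "shared_password": [sorted(us) for us in by_nt.values() if len(us) > 1],
    }

if __name__ == "__main__":
    for finding, accounts in audit(SAMPLE).items():
        print(finding, accounts)
```

An account listed under `lm_stored` on a Vista-or-later host means LM storage was explicitly re-enabled or the hash predates the change.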

  7. #7
    Just burned his ISO
    Join Date
    Dec 2010
    Posts
    4

    Default Re: LM Hash different on WinXP and Win7

    I suggest that someone actually get two Win 7 systems - one 32-bit and one 64-bit - to test out our findings. Notice that both the Win 7 and the Win XP systems were part of the AD domain in our tests, where no specific Group Policy was set to disable LM authentication. We used the Metasploit psexec exploit with the "Domain Admin" account and password to "compromise" all 3 systems. When in the meterpreter sessions, run the "run hashdump" script. Now you will see none of the three hashes (LM:NTLM hashes) are the same.
    Let's assume for a moment that the Win 7 systems only allow NTLM authentication; then why are even the NTLM parts of the hashes from the Win 7 systems different? Check it out.

  8. #8
    Just burned his ISO
    Join Date
    Apr 2011
    Posts
    1

    Default Re: LM Hash different on WinXP and Win7

    Quote Originally Posted by stking View Post
    I noticed that the LM hash of the same password on WinXP is different than the one on Win 7. Using Metasploit (run hashdump) for example with the password "pass-w0rd", we got the following hashes:
    WinXP:
    a824903ef6ab871802657a8d8ef025e2:fac374e2461f3e432cd4c560dd183671

    On Win 7 systems, they are all different:
    ae6b29b9f354a26d6e29f53173b0c7a1:d4dd8cd6f14c445e0a16b3c08a2bf341
    or
    be7248be0caf22327a7798efba346fb7:1a9d81b177c19a2065eaee8cbe9689ce

    Anyone?

    I am having the exact issue - only I'm using FGDump. Many of the accounts have the same NT hash, and the same password, but the LanManager hashes are different. These were dumped from a Server 2008 domain controller. Very strange.
