What really happens when you login to a Network

ipndrmath

From when you type in your user name and password and click "ok" to when you are presented with your active desktop, what happens? How are the passwords transferred... I know that local passwords are stored in the SAM in the registry, but where are the remote passwords stored? What encryption methods are possible? How might these passwords be extracted? Could I view the shares on these domain computers?

Please be technical...

If you have a website you know of, inform me.

P.S. : I'm talking about a local LAN.

~Professor
 
ipndrmath said:
From when you type in your user name and password and click "ok" to when you are presented with your active desktop, what happens? How are the passwords transferred... I know that local passwords are stored in the SAM in the registry, but where are the remote passwords stored? What encryption methods are possible? How might these passwords be extracted? Could I view the shares on these domain computers?

Please be technical...

If you have a website you know of, inform me.

P.S. : I'm talking about a local LAN.

~Professor

The passwords are stored on the domain controller's remote SAM. If you have a good reason to figure this stuff out I'll help you over MSN or AIM.

Password extraction would involve connecting to the remote admin$ or c$ share and stealing the passwords; however, only an admin (or power user too, I believe) account can do this.

No encryption, LANMAN2 and Kerberos are possible encryption methods.

Viewing shares is easy on domain computers, I use a program like Cain & Abel to detect every single remote share on a computer, as well as usernames and groups usually.
 
DJ-CHRIS said:
The passwords are stored on the domain controller's remote SAM. If you have a good reason to figure this stuff out I'll help you over MSN or AIM.

Password extraction would involve connecting to the remote admin$ or c$ share and stealing the passwords; however, only an admin (or power user too, I believe) account can do this.

No encryption, LANMAN2 and Kerberos are possible encryption methods.

Viewing shares is easy on domain computers, I use a program like Cain & Abel to detect every single remote share on a computer, as well as usernames and groups usually.

You're wrong in one respect - NT based Domain Controllers don't use SAM, they use something stronger (can't remember offhand what it is).

When you log into the system, Windows encrypts your password using a pre-defined encryption algorithm (possibly something like NTLM), and the hash is sent rather than the original plaintext password. If the hash stored against your username matches the hash your machine sent, then it's a successful login, and I think a login token is sent back, and your machine downloads your personal settings etc.

Although you should really know this if you're supposed to be teaching folk how to do it.
 
I guess you're right; the passwords on a domain controller would be stored encrypted inside the directory, right?
 
The password is not sent over the network. An encrypted hash of the password is sent (it's salted).
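
The challenge-response logon discussed in the replies above, as an added example that is not part of any post in this thread: the NTLMv2 proof computation (HMAC-MD5 keyed from the stored NT hash, taken over the server's challenge), with the verifier's check, showing that a captured response does not verify against a fresh challenge. The NT hash, user name and domain are constructed values, and the client blob is assumed to be only an 8-byte client challenge (the real one also carries a timestamp and target information).

```python
import hashlib
import hmac
import os

def ntowf_v2(nt_hash: bytes, user: str, domain: str) -> bytes:
    """NTLMv2 key: HMAC-MD5(NT hash, UTF-16LE(UPPER(user) + domain))."""
    identity = (user.upper() + domain).encode("utf-16-le")
    return hmac.new(nt_hash, identity, hashlib.md5).digest()

def client_response(nt_hash, user, domain, server_challenge, client_blob):
    """What the client sends: a proof bound to this challenge, plus the blob."""
    key = ntowf_v2(nt_hash, user, domain)
    proof = hmac.new(key, server_challenge + client_blob, hashlib.md5).digest()
    return proof + client_blob

def server_verify(stored_nt_hash, user, domain, issued_challenge, response):
    """Verifier side: recompute the proof from the stored hash and compare."""
    proof, blob = response[:16], response[16:]
    key = ntowf_v2(stored_nt_hash, user, domain)
    expected = hmac.new(key, issued_challenge + blob, hashlib.md5).digest()
    return hmac.compare_digest(proof, expected)

def demo():
    # Constructed stand-in for the 16-byte NT hash (MD4 of the UTF-16LE
    # password); MD4 is missing from many Python builds, so it is not computed.
    nt_hash = bytes.fromhex("00112233445566778899aabbccddeeff")
    user, domain = "alice", "EXAMPLE"   # constructed names
    blob = os.urandom(8)                # assumption: blob = client challenge only

    challenge_1 = os.urandom(8)         # server nonce for this logon
    resp = client_response(nt_hash, user, domain, challenge_1, blob)
    ok = server_verify(nt_hash, user, domain, challenge_1, resp)

    challenge_2 = os.urandom(8)         # fresh nonce for a later logon
    replay_ok = server_verify(nt_hash, user, domain, challenge_2, resp)

    # A verifier holding a different stored hash rejects the same response.
    wrong_ok = server_verify(bytes(16), user, domain, challenge_1, resp)
    return ok, replay_ok, wrong_ok

if __name__ == "__main__":
    print(demo())
```
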
 