legal contact
 

What we find in a windows server environment

MS Windows stores it's account credentials in something called hash.

This hash is a scrambled version of your password which is not reversable in it's calculation. With other words, once you have the hash of your password you (usually) cannot back-calc the cleartext from that.

The trick to get knowledge of the used Password, is to use the original algorythm and compute a new password with a known cleartext and check if the computed hash matches the one you found.
Sounds like a time consuming job, well it is. But there are shortcuts.

Hopefully there is no need to talk about any Windows Server version prior to 2003. If you are unhappy enough to have to run one of this outdated systems, it's sad enough. The fact that your users having weak password on that kind of system is most probably your smallest problem.

So let's start to talk about how Windows stores passwords in it's several versions.

Prior WinXP, Windows 2K Server, LM hashes are enabled by default

Administrator:500:01FC5A6BE7BC6929AAD3B435B51404EE:0CB6948805F797BF2A82807973B89537:::

Greater or equal Windows 7, Window 2K3 Server, NTLM hashes are enabled by Default:

Administrator:500:NO PASSWORD*********************:0CB6948805F797BF2A82807973B89537:::

Since Windows Server 2008, a hash can also be created by using something called "salt". I'll talk about that a bit later as it would confuse up things.