• Description: whether you are in favor of it or against it, the Windows NT OS leaves no IT engineer or researcher indifferent.
• This week we will focus on the authentication mechanisms in a Microsoft environment: SSPI, Kerberos, NTLM
• Lecturer: Fabien Duchene
Windows security for n00bs | part 2 Authentication
SecurIMAG
2011-05-12
WARNING: SecurIMAG is a security club at Ensimag. Thoughts,
ideas and opinions are not related to Ensimag. The authors
assume no liability including for errors and omissions.
¡¡_ (in)security we trust _!!
Grenoble INP
Ensimag
Summary
SecurIMAG - Windows security for n00bs | part 1 - Fabien Duchene - 2011-05-12
• 3. Authentication (Fabien)
• 4. Network (Fabien)
Authentication
• Winlogon
• SSPI
• AuthZ API
• Identity stores:
o Active Directory (LDAP)
o Security Account Manager
• Authentication protocols:
o Theory: NSPK
o Kerberos
o LM
o NTLM
• Password Policy
Identity stores
• Security Account Manager
• Active Directory
Security Account Manager
• HKLM\SAM
• LOCAL database containing security principals:
o Users
o Groups
• LSASS.exe (Windows XP, Vista & 7)
o On Windows XP - DLL: SAMSRV.DLL
Security Account Manager - visualization
• Graphically: lusrmgr.msc
Security Account Manager - visualization
• Command line:
C:\Users\alejandr0>net localgroup
Aliases for \\PC-LIG-ALEJ
---------------------------------------
*Administrators
*Backup Operators
*Cryptographic Operators
*Distributed COM Users
*Event Log Readers
*Guests
*HomeUsers
*IIS_IUSRS
*Network Configuration Operators
*Performance Log Users
*Performance Monitor Users
*Power Users
*Remote Desktop Users
*Replicator
*Users
The command completed successfully.
Active Directory
• LDAP
• Stores objects
ADDS – joining a domain
WinLogon
• Names & architecture:
o XP: MSGINA
o Vista, 7: Credential Providers
• Features:
o SAS: Secure Attention Sequence (ctrl+alt+del)
o User profile load (NTUSER.DAT -> HKEY_CURRENT_USER)
o Screensaver
o Window station & Desktop protection (RDP)
3.4.1.3. Authentication – Windows XP
• SSPI: lets applications establish a secure channel
[Diagram: Windows XP authentication architecture. Winlogon and the GINA sit above the LSA and its authentication package; applications call SSPI (Security Support Provider Interface), which dispatches to the Negotiate SSP, Kerberos SSP, NTLM SSP, Schannel SSP and Digest SSP.]
• Authentication API: SSPI
• Smart card API: PC/SC
• Biometrics API: BioAPI
Authentication – Windows NT 6+
Technical overview of the Microsoft PKI ADCS 2008 R2
Windows NT security, Cunsheng Ding HKUST, Hong Kong, CHINA
Impersonation & delegation
• Impersonation
• Delegation
LM
• LM hash = 16 bytes
NTLM
• Identity store: ADDS, SAM
• Challenge-response
• No delegation (credential forwarding)
• Client-only authentication (the client authenticates to the server, not the other way round)
Get the LM / NTLM hash
• Tools such as pwdump
C:\Windows\system32>pwdump7
Pwdump v7.1 - raw password extractor
Author: Andres Tarasco Acuna
url: http://www.514.es
Administrator:500:NO PASSWORD*********************:31D6CFE0D16AE931B73C59D7E0C089C0:::
Guest:501:NO PASSWORD*********************:NO PASSWORD*********************:::
adm-alejandr0:1001:NO PASSWORD*********************:7F761738135F8792D63143CE3A3ED65F:::
HomeGroupUser$:1002:NO PASSWORD*********************:C203A517500BAEFA571A0FA78767EF63:::
alejandr0:1003:NO PASSWORD*********************:E011DD6FDA2C0954E210726960862FDC:::
SeDebug privilege default permissions
How does that crap work?
• Requirements:
o Ability to elevate (i.e. a member of the local SAM group Administrators)
o LSASS (user process; identity: SYSTEM)
• Method:
o Elevate
o Get the SE_DEBUG privilege in your token
o Inject
o Access the live SAM_SECURITY registry hive
NTLMv2
AuthZ API
NSPK
NSPK - attack
• Replay attack
Denning, Dorothy E.; Sacco, Giovanni Maria (1981). "Timestamps in Key Distribution Protocols". Communications of the ACM.
4.1.3. Kerberos
4MMSR - Network Security - 2010-2011
• Authentication and authorization protocol developed by MIT (Project ATHENA), ~ Single Sign-On
• Current version: v5, RFC 4120
• Assumption: the network may be insecure
• Based on the existence of a trusted third party, the KDC ("Key Distribution Center")
• Cryptography:
• mainly symmetric
• possibly asymmetric (e.g. smart card authentication)
• Variants:
• MIT Kerberos
• Microsoft Kerberos, Windows NT (>= 2000)
• Heimdal Kerberos, Sweden
Kerberos & Herakles (Cerberus & Hercules)
4.1.3. Kerberos: authentication & service access
[Diagram: a user/computer, the Key Distribution Center (KDC) hosting the Authentication Server (identity provider) and the Ticket Granting Service (TGS), the GC, and a Service Server (e.g. issuing CA).]
1: Client -> AS: "I am Mossen. I need a Ticket to Get Tickets" (TGT)
2: AS -> Client: "Here is a TGT you will only be able to decrypt if you know the shared secret (user/computer password)"
3: Client -> TGS: "I want to access the 'Issuing CA' service. Here is a proof I decrypted the TGT"
4: TGS -> Client: "Here is a Service Ticket containing your information for accessing the Issuing CA service" (UserSID, GroupMembershipsSIDs)
5: Client -> Service Server: Service Ticket
6: Service communication
Introduction to the Microsoft PKI ADCS 2008 R2 (2011), Fabien Duchene, Sogeti-ESEC
4.1.3. Kerberos: client authentication (1,2)
• Client_ID: Security Principal Name (username, computername…)
• [msg]key: encryption of msg with the key key
• K_client: hash of the client's (user/computer) password
• K_client-TGS: session key generated by the AS
[Diagram: user/computer (knows K_client) <-> KDC: identity provider, Authentication Server (knows K_client, K_TGS, K_cli-TGS)]
1: Client_ID
2.1: [Client-TGS_Session_key]K_client
2.2: "Ticket-to-Get-Ticket" = [client_ID, client_FQDN, TGT_validity_period, K_client-TGS]K_TGS
4.1.3. Kerberos: service access (5,6)
• Client-to-Server ticket: [client_ID, client_FQDN, TCS_validity_period, K_client-svc]K_req_svc
• K_client-SS: session key between the client and the SS
[Diagram: user/computer (knows K_client, K_client-SS) <-> Service Server (e.g. issuing CA)]
5.1: "Client-to-Server ticket"
5.2: "Authenticator-2" = [Client_ID, timestamp]K_client-SS
6: [timestamp_in_5.2 + 1]K_client-SS : "OK, I can serve you"
7: Client checks: is timestamp = timestamp_5.2 + 1? If so, I can trust that service
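The six exchanges above (steps 1 to 6), run end to end as an added example that is not part of the slides. It uses the slides' notation [msg]key; enc/dec are a toy stand-in for the Kerberos encryption types (SHA-256 counter keystream plus an HMAC-SHA256 tag), and the principals, passwords and the 10-hour validity are constructed values.

```python
# Added example (not from the slides): a toy run of the six Kerberos exchanges
# in the slides' notation [msg]key. enc/dec stand in for the real Kerberos
# encryption types; they only make "decryptable only with the key" hold.
import hashlib, hmac, json, os, time

def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    blocks = (hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest() for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def enc(key: bytes, msg: dict) -> bytes:
    """[msg]key: encrypt-then-MAC msg under key (toy construction)."""
    data, nonce = json.dumps(msg, sort_keys=True).encode(), os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(data, _keystream(key, nonce, len(data))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def dec(key: bytes, blob: bytes) -> dict:
    """Inverse of enc; raises ValueError on a wrong key (the proof the KDC relies on)."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("wrong key or tampered message")
    return json.loads(bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct)))))

def kdf(secret: str) -> bytes:
    return hashlib.sha256(secret.encode()).digest()  # K_x from a password (toy: SHA-256)

# Constructed principals: the KDC holds K_client, K_TGS and the service key K_svc.
K_client, K_TGS, K_svc = kdf("user-pw"), kdf("tgs-pw"), kdf("svc-pw")

def run_kerberos(client_secret: str, ttl: int = 10 * 3600) -> bool:
    """The client side only uses client_secret; True if step 6 proves the service."""
    now, cid = int(time.time()), "mossen"
    # 1 / 2: AS exchange. TGT under K_TGS, session key K_client-TGS under K_client.
    k_ct = os.urandom(32)
    tgt = enc(K_TGS, {"client_ID": cid, "validity": now + ttl, "K_client-TGS": k_ct.hex()})
    k_ct_client = bytes.fromhex(dec(kdf(client_secret), enc(K_client, {"K_client-TGS": k_ct.hex()}))["K_client-TGS"])
    # 3 / 4: TGS exchange. Authenticator-1 proves the client decrypted step 2.
    t = dec(K_TGS, tgt)
    a1 = dec(bytes.fromhex(t["K_client-TGS"]), enc(k_ct_client, {"client_ID": cid, "timestamp": now}))
    if a1["client_ID"] != t["client_ID"] or t["validity"] <= now:
        raise PermissionError("TGT / authenticator mismatch")
    k_ss = os.urandom(32)
    st = enc(K_svc, {"client_ID": cid, "validity": now + ttl, "K_client-SS": k_ss.hex()})
    k_ss_client = bytes.fromhex(dec(k_ct_client, enc(k_ct_client, {"K_client-SS": k_ss.hex()}))["K_client-SS"])
    # 5 / 6: AP exchange. The service decrypts the ticket, checks Authenticator-2 and
    # replies [timestamp + 1]K_client-SS so the client can authenticate the service too.
    s = dec(K_svc, st)
    a2 = dec(bytes.fromhex(s["K_client-SS"]), enc(k_ss_client, {"client_ID": cid, "timestamp": now}))
    rep6 = enc(bytes.fromhex(s["K_client-SS"]), {"timestamp": a2["timestamp"] + 1})
    return dec(k_ss_client, rep6)["timestamp"] == now + 1
```

A wrong client password fails at step 2 with ValueError: the session key never becomes readable, so no later step is reachable.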
4.1.3. Kerberos – cross-domain access
• A trust relationship is established through a key shared between the domains, thanks to which referral tickets (inter-domain TGTs) are issued
[Diagram: two domains, corp.ensimag.fr and domaine..phelma.fr. The "TRUSTING domain" contains the resources/SS, the "TRUSTED domain" contains the identities. Steps 1 to 6 go from the user/computer through the AS and TGS to the Service Server (e.g. issuing CA), using the inter-domain key K_AS(ensimag)-TGS(phelma) and the inter-domain TGT.]
4.1.3. Kerberos: Smart Card authentication
• Client_ID: Security Principal Name (username, computername…)
• [msg]key: encryption of msg with the key key
• K_client_pub, K_client_priv: asymmetric key pair
• K_client-TGS: session key generated by the AS
[Diagram: user/computer (knows K_client_PUB, K_client_PRIV) <-> KDC: identity provider, Authentication Server (knows K_client_PUB, K_TGS, K_cli-TGS)]
1: [Client_ID]K_client_PRIV
2.1: [Client-TGS_Session_key]K_client_PUB
2.2: "Ticket-to-Get-Ticket" = [client_ID, client_FQDN, TGT_validity_period, K_client-TGS]K_TGS
4.1.3. Kerberos and Windows: API and calls
Kerberos dependencies
• OS: Windows ≥ 2000
• TCP/IP
• DNS: locating the DC authorities
• Active Directory: the authority
• NTP: clock synchronization
• SPN (Service Principal Names): locating resources
4.1.3. Kerberos: optimisations
• Optimisations
• Tickets and session keys are cached on the client
• A mechanism allows obtaining tickets without re-entering the password:
o Ticket-Granting Ticket (TGT) with a short lifetime
o The KDC issues tickets on presentation of the TGT
• Default parameters
• TGT validity = 10 h
• TGS validity = 10 h
• Max 5 minutes difference between client, AS, TGS and SS (NTP synchronization)
Kerberos threats
• Threats
• single point of failure: if there is only one KDC
• impersonation: if at least one KDC is compromised, any user could be impersonated
4.1.3. Kerberos – some threats and attacks
Taming the Beast: Assess Kerberos-Protected Networks, Emmanuel Bouillon, Black Hat 2009
• KDC spoofing
• Weak cipher
• Replay attacks
• Steal the hash!
• Pass the ticket
Kerberos Attacks
• KDC spoofing: old PAM_KRB5 implementation (no authorization)
Weak cipher
• Cipher: DES (weak) was initially used; the negotiation is not authenticated
• Get a ticket
• Brute-force it (assuming the cipher)
• Counter-measure:
o Windows 7: DES disabled for Kerberos authentication
Replay attack: sniff and resend 5. KRB_AP_REP
o KRB_AP_REP: validity duration (generally 5 minutes), source IP
o The Service Server keeps a cache of requests; multiple identical KRB_AP_REP are ignored
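The two server-side checks this slide lists, as an added example that is not part of the slides: the 5-minute validity window from the default parameters and a cache of already-seen authenticators (the [Client_ID, timestamp] of step 5.2, modelled here as already decrypted). The sample traffic is constructed.

```python
# Added example (not from the slides): the two server-side checks the slides list
# against a sniffed-and-resent step 5: the 5-minute validity window and a cache
# of already-seen authenticators. Authenticators are modelled as already
# decrypted (client_ID, timestamp) pairs; the traffic below is constructed.
from collections import OrderedDict

MAX_SKEW = 5 * 60  # slides: at most 5 minutes between client, AS, TGS and SS (NTP)

class ReplayCache:
    """Service Server cache of (client_ID, timestamp) pairs seen inside the window."""

    def __init__(self, max_skew: int = MAX_SKEW):
        self.max_skew = max_skew
        self.seen = OrderedDict()  # (client_ID, timestamp) -> time first seen

    def _expire(self, now: int) -> None:
        # An authenticator older than the window fails the skew check anyway,
        # so its cache entry can go; this keeps the cache bounded.
        while self.seen and next(iter(self.seen.values())) < now - self.max_skew:
            self.seen.popitem(last=False)

    def check(self, client_id: str, timestamp: int, now: int) -> str:
        """'accept', 'skew' (timestamp outside the window) or 'replay' (seen before)."""
        self._expire(now)
        if abs(now - timestamp) > self.max_skew:
            return "skew"
        key = (client_id, timestamp)
        if key in self.seen:
            return "replay"
        self.seen[key] = now
        return "accept"

# Constructed traffic as (client_ID, authenticator timestamp, service clock):
SAMPLE = [
    ("mossen", 1000, 1001),  # legitimate request
    ("mossen", 1000, 1030),  # identical authenticator resent 29 s later
    ("mossen",  500, 1040),  # 540 s old: outside the 5-minute window
    ("mossen", 1400, 1401),  # fresh authenticator later on
]

def run_sample(events=SAMPLE) -> list:
    cache = ReplayCache()
    return [cache.check(c, ts, now) for c, ts, now in events]
```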
Ticket cache attack (“file” on the client system)
• Attack assumptions:
o Debug privilege (by default, only members of the local SAM Administrators group are allowed)
o LSASS.exe is a process (user process; identity: SYSTEM)
• Attack goals:
o Get cached hashes
• Method:
Get that hash - method
• Elevate
• Get the SE_DEBUG privilege in your token
• Inject
Q
Pass the ticket
• Pass the Ticket: ability to authenticate on the client. Only the Microsoft implementation is vulnerable and not yet corrected.
Attacking and fixing the Microsoft Windows Kerberos login service, Tommaso Malgherini and Riccardo Focardi, Università Ca' Foscari, Venezia
Kerberos – basic hardening
• Hash computation:
o Stronger cipher (AES-128/256 instead of DES)
Kerberos - Hardening - lifetime
• Ticket lifetime:
NTLM vs Kerberos: scalability
[Diagram: NTLM: Client, Server and NTLM Authority; Kerberos: Client, Server and AD Authority (AS, TGS). The 1 / n annotations show the number of exchanges on each link.]
Kerberos:
• Fewer client-server exchanges
• No real-time server <-> authority exchanges (only during the SPN registration)
• Scalability