The fourth day was all about Windows password hashes. The video tutorial by Greg demonstrated how to access the local SAM database on a running computer and how to access the local and domain SAM database offline. I thought I knew a few things about this, but I was surprised to learn that Windows uses rather basic techniques to protect passwords. The hashes are calculated using a proprietary one-way function (the LM hash) and MD4 (the NT hash).
The operating system attempts to put some blocks in place to prevent access to the SAM and SYSTEM files, but with the techniques covered in the Day 3 Challenge, those are relatively easily circumvented.
This has certainly convinced me to check our domain policy and ensure that LM hashes are not being stored! There is a group policy setting that can be used to prevent an LM hash from being created the next time a user stores a password. This day, I really doubt anyone would have a legitimate reason to use LM hashes.
I did score 100% on the knowledge assessment, so I consider that another win.