312-50V13 · Question #118
A user on your Windows 2000 network has discovered that he can use L0phtcrack to sniff the SMB exchanges which carry user logons. The user is plugged into a hub with 23 other systems. However, he is u
The correct answer is B. Kerberos is preventing it.. On a Windows 2000 network, L0phtcrack is unable to sniff SMB logons on a hub because Kerberos authentication, used in Active Directory environments, prevents the transmission of traditional NTLM password hashes over the network.
Question
Options
- AThere is a NIDS present on that segment.
- BKerberos is preventing it.
- CWindows logons cannot be sniffed.
- DL0phtcrack only sniffs logons to web servers.
How the community answered
(25 responses)- A4% (1)
- B84% (21)
- C8% (2)
- D4% (1)
Why each option
On a Windows 2000 network, L0phtcrack is unable to sniff SMB logons on a hub because Kerberos authentication, used in Active Directory environments, prevents the transmission of traditional NTLM password hashes over the network.
While a Network Intrusion Detection System (NIDS) might detect an attack, it does not prevent the sniffing of traffic itself, which is the user's immediate problem in capturing logons.
In a Windows 2000 Active Directory environment, Kerberos is the default authentication protocol. Kerberos uses a ticket-based system for authentication, meaning that the user's password hash is not transmitted directly over the network during logon, unlike NTLM. This prevents tools like L0phtcrack from sniffing usable password hashes from SMB exchanges, even on a hub where traffic is broadcast.
Windows logons can indeed be sniffed if NTLM authentication is used, especially on older systems or non-Kerberos enabled environments, making this statement generally false.
L0phtcrack is primarily designed to crack Windows passwords, including those from SMB, not specifically logons to web servers, which often use different authentication mechanisms.
Concept tested: Kerberos preventing SMB password sniffing
Source: https://learn.microsoft.com/en-us/windows-server/security/credentials/kerberos-authentication-overview
Topics
Community Discussion
No community discussion yet for this question.