312-50V9 · Question #120
A company is using Windows Server 2003 for its Active Directory (AD). What is the most efficient way to crack the passwords for the AD users?
The correct answer is C. Perform an attack with a rainbow table.. Windows Server 2003 stores passwords as LAN Manager (LM) hashes by default, which are extremely weak and can be cracked almost instantly using pre-computed rainbow tables.
Question
A company is using Windows Server 2003 for its Active Directory (AD). What is the most efficient way to crack the passwords for the AD users?
Options
- APerform a dictionary attack.
- BPerform a brute force attack.
- CPerform an attack with a rainbow table.
- DPerform a hybrid attack.
How the community answered
(27 responses)- A4% (1)
- B11% (3)
- C70% (19)
- D15% (4)
Why each option
Windows Server 2003 stores passwords as LAN Manager (LM) hashes by default, which are extremely weak and can be cracked almost instantly using pre-computed rainbow tables.
A dictionary attack must compute a hash for each candidate word at runtime, which is significantly slower than a pre-computed rainbow table lookup against the weak LM hash.
A brute force attack exhaustively tries every character combination and requires the most computation, making it the least efficient method available.
Windows Server 2003 uses LM hashes, which split passwords into two case-insensitive 7-character chunks, drastically reducing the keyspace. Pre-computed rainbow tables for LM hashes are widely available, allowing an attacker to reverse a hash through a table lookup in seconds with no computation at attack time - making rainbow tables by far the most efficient method against this hash scheme.
A hybrid attack appends brute force mutations to dictionary words but still requires on-the-fly hashing, making it less efficient than pre-computed rainbow table lookups against LM hashes.
Concept tested: LM hash weakness and rainbow table attack efficiency
Source: https://learn.microsoft.com/en-us/troubleshoot/windows-server/windows-security/prevent-windows-store-lm-hash-password
Topics
Community Discussion
No community discussion yet for this question.