module
NTP Timeroast
| Disclosed |
|---|
| N/A |
Disclosed
N/A
Description
Windows authenticates NTP requests by calculating the message digest using the NT hash followed by the first
48 bytes of the NTP message (all fields preceding the key ID). An attacker can abuse this to recover hashes
that can be cracked offline for machine and trust accounts. The attacker must know the accounts RID, but
because RIDs are sequential, they can easily be enumerated.
48 bytes of the NTP message (all fields preceding the key ID). An attacker can abuse this to recover hashes
that can be cracked offline for machine and trust accounts. The attacker must know the accounts RID, but
because RIDs are sequential, they can easily be enumerated.
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.