Windows security for n00bs part 2 Authentication

Transcription

1 Grenoble INP Ensimag _ (in)security we trust _!! SecurIMAG Windows security for n00bs part 2 Authentication Description: whether you are in favor or against it, the Windows NT OS does not let any IT engineer nor researcher indifferent. This week we will focus on the authentication mechanisms in a Microsoft environment: SSPI, Kerberos, NTLM Lecturer: Fabien Duchene WARNING: SecurIMAG is a security club at Ensimag. Thoughts, ideas and opinions are not related to Ensimag. The authors assume no liability including for errors and omissions.

2 Summary 3. Authentication (Fabien) 4. Network (Fabien)

3 Authentication Winlogon SSPI AuthZ API Identity stores: o Active Directory LDAP o Security Account Manager Authentication protocols o Theory: NSPK o Kerberos o LM o NTLM Password Policy

4 Identity stores Security Account Manager Active Directory

5 Services Account Manager HKLM\SAM LOCAL database containing Security Principals: o Users o Groups LSASS.exe (Windows XP, Vista & 7) o On Windows XP - DLL: SAMSRV.DLL

6 Services Account Manager - visualization Graphically: lusrmgr.msc

7 Services Account Manager - visualization Command line: C:\Users\alejandr0>net localgroup Aliases for \\PC-LIG-ALEJ *Administrators *Backup Operators *Cryptographic Operators *Distributed COM Users *Event Log Readers *Guests *HomeUsers *IIS_IUSRS *Network Configuration Operators *Performance Log Users *Performance Monitor Users *Power Users *Remote Desktop Users *Replicator *Users The command completed successfully.

8 Active Directory LDAP Stores objects

9 ADDS joining a domain

10 WinLogon Names & architecture: XP: MSGINA Vista,7: CredentialProviders Features: SAS: Secure Attention Sequence (ctrl+alt+del) User profile load NTUSER.DAT -> HKEY_Current_User Screensaver Window station & Desktop protection (RDP)

11 Authentification Windows XP SSPI: permet à des applications d établir un canal sécurisé Windows XP Security Support Provider Interface Winlogon GINA Application SSPI API authentification : SSPI API carte à puce : PC/SC API biométrie : BioApi Package d authentification LSA Negotiate SSP SSP Schannel SSP SSP Digest NTLM Kerberos 11

12 Authentication Windows NT 6+ Technical overview of the Microsoft PKI ADCS 2008 R2

13 Windows NT security, Cunsheng Ding HKUST, Hong Kong, CHINA Technical overview of the Microsoft PKI ADCS 2008 R2

14 Impersonation & delegation Impersonation Delegation

15 LM LM hash = 16 bytes

16 NTLM Identity store: ADDS, SAM Challenge-response No delegation (credential forwarding) Client only authentication

17 Get the LM / NTLM hash Tools such as pwdump C:\Windows\system32>pwdump7 Pwdump v7.1 - raw password extractor Author: Andres Tarasco Acuna url: Administrator:500:NO PASSWORD*********************:31D6CFE0D16AE931B73C59D7E0C089C0::: Guest:501:NO PASSWORD*********************:NO PASSWORD*********************::: adm-alejandr0:1001:no PASSWORD*********************:7F F8792D63143CE3A3ED65F::: HomeGroupUser$:1002:NO PASSWORD*********************:C203A517500BAEFA571A0FA78767EF63::: alejandr0:1003:no PASSWORD*********************:E011DD6FDA2C0954E FDC:::

18 SeDebug privilege default permissions

19 How does that crap work? Requirements: Ability to elevate (ie a member of the local SAM group Administrtators) LSASS (user process ; identity: SYSTEM) Method: Elevate Get the SE_DEBUG privilege in your token Inject Access the live SAM_SECURITY registry hive

20 NTLMv2

21 AuthZ API

22 NSPK

23 NPSK - attack Replay attack Denning, Dorothy E.; Sacco, Giovanni Maria (1981). "Timestamps in key distributed protocols". Communication of the ACM

24 Kerberos Kerberos & Herakles (Cerbère & Hercules) Protocole authentification, autorisation, développé par le MIT (Projet ATHENA), ~ Single-Sign-On Version actuelle: v5 RFC4120 Hypothèse: le réseau peut être non sûr Basé sur l existence d un tiers de confiance, le KDC («Key Distribution Center» Cryptographie principlament symétrique éventuellement assymétrique (eg: auth. par carte à puce) Déclinaisons: MIT Kerberos Microsoft Kerberos, Windows NT (>=2000) Heimdal Kerberos, Suède 26 4MMSR - Network Security

25 Kerberos: authentication & service access Identity provider, Authentication Server Key Distribution Center (KDC) GC I am Mossen. I need a Ticket to Get Tickets (TGT) 2 Here is a TGT you will only 1 be able to decrypt if you know the shared secret (user/comp. pwd) 3 I want to access the Issuing CA service. Here is a proof I decrypted the TGT Ticket Grantig Service TGS 4 Here is a Service Ticket containing your information for accessing the Issuing CA service User / computer 5 Service Ticket UserSID GroupMembershipsSIDs 6 Service communication Service Server (eg: issuing CA) 27 4MMSR - Network Security Introduction to the Microsoft PKI ADCS 2008 R2 (2011), Fabien Duchene, Sogeti-ESEC

26 Kerberos: authentification du client (1,2) Client_ID: Security Principal Name (username, computername ) [msg]key: chiffrement de msg avec la clé key K_client: hash du mot de passe du client (user/ comp.) K_client-TGS: session key generated by the AS KDC Knows: K_client K_TGS K_cli-TGS Knows: K_client 1 1: Client_ID 2 Identity provider, Authentication Server User / computer 2.1: [Client-TGS_Session_key], K_client 2.2: Ticket-to-Get-Ticket [client_id, client_fqdn, TGT_validity_period, K_client-TGS]K_TGS 28 4MMSR - Network Security

27 Kerberos: accès au service (5,6) Client-to-Server ticket: [client_id,client_fqdn,tcs_validity_period,k_client-svc] K_req_svc K_client-SS: session key between the client and the SS Knows: K_client K_client-SS 5 5.1: Client-to-Server ticket 5.2: Authenticator-2 [Client_ID,timestamp]K_client-SS 6 Service Server (eg: issuing CA) 6:[timestamp_in_ ]K_client-SS : OK, I can serve you User / omputer 7 Is timestamp=timestamp_5.2+1? If so, I can trust that service 29 4MMSR - Network Security

28 Kerberos Accès inter-domaine Une relation de confiance est établie par le biais d une clé partagée entre domaines, grâce à laquelle des referals tickets (TGT inter-domaine) sont envoyés TRUSTING domain contains ressources/ss TRUSTED domain contains identities Service Server (eg: issuing CA) corp.ensimag.fr 30 4MMSR - Network Security K_AS(ensimag)-TGS(phelma) AS domaine..phelma.fr TGS TGT inter-domaine 4 2 User / comput er

29 Kerberos: Smart Card authentication Client_ID: Security Principal Name (username, computername ) [msg]key: chiffrement de msg avec la clé key K_client_pub,K_client_priv: paire de clé assymétrique K_client-TGS: session key generated by the AS Knows: K_client_PUB K_client_PRIV 1: [Client_ID]K_client_PRIV 2 1 KDC Knows: K_client_PUB K_TGS K_cli-TGS Identity provider, Authentication Server User / computer 2.1: [Client-TGS_Session_key], K_client_PUB 2.2: Ticket-to-Get-Ticket [client_id, client_fqdn, TGT_validity_period, K_client-TGS]K_TGS 31 4MMSR - Network Security

30 Kerberos et Windows: API et appels 32 4MMSR - Network Security

31 Kerberos dependencies OS : Windows 2000 TCP/IP DNS DC authorities localization Active Directory autorité NTP: clock synchronization SPN (Service Principal Names): ressources localization

32 Kerberos: optimisations Optimisations Les tickets et le clés de sessions sont en cache sur le client Un mécanisme permet d obtenir des tickets sans avoir à redonner son mot de passe o Ticket-Granting-Ticket (TGT) a faible durée de vie o Le KDC donne des tickets sur présentation du TGT Paramètres par défaut Validité TGT=10H Validité TGS= 10H Différence de 5 minutes MAX entre client, AS, TGS, SS synchronisation NTP 34 4MMSR - Network Security

33 Kerberos threats Threats single-point of failure: if only one KDC impersonation: if at least one KDC compromised. Any user could be impersonated

34

35 Kerberos some threats and attacks KDC spoofing Weak cipher Replay attacks Steal the hash! Pass the ticket Taming the Beast Assess Kerberos-Protected networks, Emmanuel Bouillon, Black-Hat MMSR - Network Security

36 Kerberos Attacks KDC spoofing: old PAM_KRB5 implementation (no authorization)

37 Weak cipher Cipher: DES (weak) initially used. Negotiation not authenticated Get a ticket Bruteforce it (assuming the cipher) Counter-measure: Windows 7: DES disabled for Kerberos authentication

38 Replay attack: sniff and resend 5. KRB_AP_REP o KRB_AP_REP: validity duration (generally 5 minutes), source IP o Service Server stores a cache of requests. Multiple identitical KRP_AP_REP are ignored

39 Ticket cache attack ( file on the client system) Attacks assumptions: Debug privilege (by default, only members of the local SAM Administrators groups are allowed) LSASS.exe is a process (user ; SYSTEM) Attack goals: Get cached hashes Method:

40 Get that hash - method Elevate Get the SE_DEBUG privilege in your token Inject

41 Q

42 Pass the ticket Pass the Ticket: ability to authenticate on the client. Only Microsoft implementation is vulnerable and not yet corrected. Attacking and fixing the Microsoft Windows Kerberos login service Tommaso Malgherini and Riccardo Focardi Universit`a Ca Foscari, Venezia

43 Kerberos basic hardening Hash computation: Stronger cipher (AES-128,256 instead of DES)

44 Kerberos - Hardening - lifetime Ticket lifetime:

45 NTLM vs Kerberos: scalability NTLM NTLM Authority Client n Server n AD Authority AS TGS 1 n Client Kerberos Less client-server exchanges No real-time server<-> authority exchanges (only during the SPN registration) Scalability n Server