Last Attempt CEH-001 Questions

The LM hash is computed as follows.

1. The user’s password as an OEM string is converted to uppercase.

2. This password is either null-padded or truncated to 14 bytes.

3. The “fixed-length” password is split into two 7-byte halves.

4. These values are used to create two DES keys, one from each 7-byte half.

5. Each of these keys is used to DES-encrypt the constant ASCII string “KGS!@#$%”, resulting in two 8-byte ciphertext values.

6. These two ciphertext values are concatenated to form a 16-byte value, which is the LM hash.

The hashes them self are sent in clear text over the network instead of sending the password in clear text.

Brute force attacks are performed with tools that cycle through many possible character, number, and symbol combinations to guess a password. Since the token allows offline checking of PIN, the cracker can keep trying PINS until it is cracked.

When looking at an extracted LM hash, you will sometimes observe that the right most portion is always the same. This is padding that has been added to a password that is less than 8 characters long.

As a hacker you don’t want to leave any traces that could lead back to you.