
Module to check for NTLMv1 Compatibility

Open Tw1sm opened this issue 2 years ago • 2 comments

Added a small module to query the target's LmCompatibilityLevel to determine if the target allows NTLMv1 auth.

Example: image

This check queries the registry, which requires admin privileges - makes it more ideal for auditing systems that still allow NTLMv1 than locating boxes you can laterally move to (unfortunately).

Tw1sm avatar Sep 15 '22 22:09 Tw1sm

Great idea! However, from what I understand, NTLMv1 is also enabled if LmCompatibilityLevel is set to 2.

https://docs.microsoft.com/en-us/windows/security/threat-protection/security-policy-settings/network-security-lan-manager-authentication-level

SAERXCIT avatar Sep 16 '22 08:09 SAERXCIT

> Great idea! However, from what I understand, NTLMv1 is also enabled if LmCompatibilityLevel is set to 2.
>
> https://docs.microsoft.com/en-us/windows/security/threat-protection/security-policy-settings/network-security-lan-manager-authentication-level

Great catch, modified to include level 2

Tw1sm avatar Sep 16 '22 14:09 Tw1sm
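
The audit logic discussed in this thread, as an added example that is not part of the original issue and is not the CrackMapExec module's code: it parses saved `reg query` output and flags hosts whose LmCompatibilityLevel is 0, 1 or 2. The host names and sample output are constructed, and the registry location (`Control\Lsa` under `HKLM\SYSTEM\CurrentControlSet`) is an assumption not stated in the thread.

```python
import re

# Constructed sample input: output of
#   reg query HKLM\SYSTEM\CurrentControlSet\Control\Lsa /v LmCompatibilityLevel
# saved per host (host names are made up for this example).
SAMPLE = {
    "ws01": r"""
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
    LmCompatibilityLevel    REG_DWORD    0x2
""",
    "srv02": r"""
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
    LmCompatibilityLevel    REG_DWORD    0x5
""",
    "ws03": "ERROR: The system was unable to find the specified registry key or value.",
}

VALUE_RE = re.compile(r"LmCompatibilityLevel\s+REG_DWORD\s+0x([0-9a-fA-F]+)")

def parse_level(reg_output):
    """Return the DWORD as an int, or None when the value is not present."""
    m = VALUE_RE.search(reg_output)
    return int(m.group(1), 16) if m else None

def classify(level):
    """Levels 0-2 are the ones the thread treats as allowing NTLMv1."""
    if level is None:
        return "value not set (OS default applies)"
    if level in (0, 1, 2):
        return "NTLMv1 allowed"
    if level in (3, 4, 5):
        return "sends NTLMv2 only"
    return "unexpected value"

def audit(outputs):
    """Map host -> (level, verdict) for a dict of host -> reg query output."""
    return {h: (parse_level(t), classify(parse_level(t))) for h, t in outputs.items()}

if __name__ == "__main__":
    for host, (level, verdict) in sorted(audit(SAMPLE).items()):
        print(f"{host}: LmCompatibilityLevel={level} -> {verdict}")
```

A missing value is reported separately rather than counted as level 0, because an absent LmCompatibilityLevel means the operating system's built-in default is in effect.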

Thanks for the module :) Tested in my lab, all good for me. I will merge it probably next week. Thanks @SAERXCIT for the review!

mpgn avatar Sep 23 '22 13:09 mpgn

This is so cool and something I've been wanting for a looong time but never tried to implement myself. Thank you @Tw1sm!

0xAsh avatar Oct 20 '22 15:10 0xAsh