Mandiant releases rainbow table that cracks weak admin password in 12 hours

B

ByteQuill

Security Firm Mandiant Releases Rainbow Table to Crack Weak Admin Passwords in Under 12 Hours

In a move aimed at nudging users who continue to use the deprecated NTLMv1 hashing function, security firm Mandiant has released a rainbow table that can crack weak admin passwords in under 12 hours using consumer hardware costing less than $600 USD.

The database, known as an NTLMv1 rainbow table, is a precomputed table of hash values linked to their corresponding plaintext. This generic table allows hackers to take over accounts by quickly mapping a stolen hash to its password counterpart. The limited keyspace of the NTLMv1 hashing function makes it particularly easy to construct such tables.

Despite being well-known for its weaknesses, NTLMv1 remains in use in some sensitive networks due to inertia and a lack of demonstrated immediate risk. Microsoft only announced plans to deprecate the protocol last August, but Mandiant consultants continue to identify its use in active environments.

The release of the rainbow table is intended to lower the barrier for security professionals to demonstrate the insecurity of Net-NTLMv1. While tools to exploit this protocol have existed for years, they often required uploading sensitive data to third-party services or expensive hardware to brute-force keys.

Using the newly released database, defenders and researchers can now recover passwords in under 12 hours using consumer-grade hardware. This move provides added ammunition for security professionals when trying to convince decision-makers to migrate from the insecure function.

Microsoft released NTLMv1 in the 1980s with the release of OS/2 and later exposed its weaknesses through research by cryptanalyst Bruce Schneier and Mudge in 1999. The protocol was eventually replaced by NTLMv2, which fixed the weakness. However, organizations that rely on Windows networking are still vulnerable to trivial credential theft due to inertia and a lack of demonstrated immediate risk.

The tables first assist attackers in providing per-byte hash results with the known plaintext challenge 1122334455667788. This allows them to compromise accounts using single DES with 56 bits of the user's secret key at a time. While NTLMv2 is still weak, it is not subject to rainbow tables due to its response function including 64 bits of random entropy supplied by the client.

Organizations that fail to heed this warning will have only themselves to blame if they get hacked. Mandiant advises organizations to immediately disable the use of Net-NTLMv1 and provide basic steps required to move off of the insecure function, linking to more detailed instructions.
 
i'm low-key worried about this rainbow table being released lol 🀣 i mean, think about it, it's just gonna make hacking easier for bad guys... like, what's next? making a list of all the super secure passwords people use on their vacation accounts? πŸ€” seriously though, shouldn't we be focusing on creating better security measures instead of just releasing more tools for hackers to exploit? 🚨
 
πŸ˜’ I'm not sure I buy this "helpful" move from Mandiant. So, they're releasing a rainbow table that can crack weak admin passwords in under 12 hours using consumer hardware... and suddenly that's supposed to make security professionals all like "Oh no, we need to fix this ASAP"? πŸ€”

I mean, come on, organizations knew about the weaknesses of NTLMv1 back in 1999 when Bruce Schneier and Mudge exposed them. Why are they still using it now? πŸ˜’ It's not like Microsoft just announced its deprecation last August... that was already a heads up for people who pay attention.

And what's with all the hype around this "consuming-grade" hardware costing less than $600? πŸ€‘ That's still way more than most small businesses or even some home users can afford. Are we supposed to believe that Mandiant is doing us all a favor by making it easier for hackers to crack our passwords? πŸ’”

I need some concrete numbers and stats on how many accounts have actually been compromised using this protocol before I'll start jumping up and down about the "threat" of NTLMv1. Otherwise, I'm just gonna keep watching from the sidelines... πŸ‘€
 
🚨 I'm not surprised to see Mandiant drop this rainbow table - it's been a ticking time bomb for years! 🀯 NTLMv1 is basically begging to be cracked with its tiny keyspace, and now anyone can do it in under 12 hours using consumer hardware. It's like Microsoft left the door wide open on purpose... πŸ˜’

I mean, I get it, inertia is real, but that's exactly why we need more tools like this to demonstrate the risks. It's not just about being paranoid; it's about taking responsibility for security. If you're still using NTLMv1, you're basically saying 'oh, I don't care about my users' sensitive data'. That's just reckless πŸ€¦β€β™‚οΈ.

I hope Mandiant's advice to organizations is taken seriously - disabling NTLMv1 and upgrading to NTLMv2 (or even better) shouldn't be a hassle. If it takes 12 hours or less to crack your admin passwords, you're already compromised 🚫. Let's get serious about security! πŸ’»
 
I don’t usually comment but it’s crazy how much of a security risk using NTLMv1 is still 🀯. Like, Microsoft has been warning about this for years and some people just won't listen. The fact that Mandiant can crack these passwords in under 12 hours with consumer-grade hardware is just wild πŸ’₯. I feel bad for the folks who are stuck in these insecure networks because of inertia or lack of knowledge. They need to act fast before their accounts get compromised 🚨. It's a good thing Mandiant is releasing this rainbow table to help them see the error of their ways πŸ“.
 
oh man, just heard about this rainbow table thingy released by Mandiant 🀯 it's wild that security firms are basically giving hackers a free handout to crack weak admin passwords in under 12 hours using super affordable hardware πŸ’Έ i mean, NTLMv1 is like the ancient cousin of password hashing functions and it's crazy some organizations still haven't bailed on it yet πŸ™„ anyway, i hope this release gets ppl to take security seriously and migrate from that insecure function ASAP πŸ”’
 
Ugh, can't believe I'm seeing this out in the wild πŸ€¦β€β™‚οΈ. Security firms like Mandiant are basically just making it easier for hackers to get into systems by releasing these tools. And now they're doing it with a rainbow table that's like, ridiculously easy to use πŸ˜’. $600 USD is nothing, and I mean nothing, for a decent graphics card and some RAM. Just think about all the users who are gonna fall for this thinking that their admin passwords are safe πŸ’€. Mandiant should be trying to help people, not enabling hackers. I mean, what's next? They're gonna release a tool to crack WEP/WPA too? 🀯
 
I mean, great job Mandiant for releasing a rainbow table that's like, literally making it easy for hackers to crack weak admin passwords. I'm sure this is exactly what we all need – another reason for our admins to freak out and change their passwords... again πŸ€¦β€β™‚οΈ. It's not like this is something that should've been done years ago when the protocol was first released in the 80s... but hey, better late than never, right? πŸ‘€ The fact that it only takes under 12 hours to crack these passwords using consumer-grade hardware is just mind-boggling. I mean, who needs a Ph.D. in cryptography when you've got a decent GPU and some precomputed tables? πŸ’»
 
🚨 You know how some people are always saying we need stricter regulations on tech companies? Well, this whole NTLMv1 debacle is like a perfect example of that! I mean, come on, Microsoft released this ancient protocol back in the 90s and just kinda left it sitting there for years. Meanwhile, hackers are just chillin' with their rainbow tables, waiting to pwn some poor admin's account. And what really grinds my gears is that some orgs are still using this toxic tech because they're too lazy to upgrade. It's like, don't you guys know that inaction is a form of policy? We need more accountability from the big corps and less finger-pointing at individual employees who might not be aware of the risks. And can we talk about how this whole thing highlights the importance of continuous cybersecurity education? 🀯
 
I'm not sure if I'd say it's a good thing that someone has made a super powerful tool to crack those weak admin passwords lol πŸ€¦β€β™‚οΈ. On one hand, it's great that security firm Mandiant is helping to spread awareness about the dangers of using NTLMv1 and making it easier for security pros to demonstrate its weaknesses.

At the same time, I worry that this might just make some people think, "oh, it's not a big deal, my admin password is probably okay" πŸ™…β€β™‚οΈ. But honestly, if you're still using NTLMv1, you should probably be like, "oh no, I need to fix this ASAP!" 😬.

I guess what I'm saying is that while the rainbow table is a useful tool, it's also kind of like shining a bright light on a security problem that some people might not want to acknowledge πŸ”¦.
 
Come on, are you kidding me? πŸ™„ A security firm releasing a rainbow table that can crack weak admin passwords in under 12 hours is actually a good thing for hackers! It's like they're giving them a free pass to test their systems and find vulnerabilities. I mean, who needs to use secure protocols when it's just going to be cracked anyway? πŸ€·β€β™‚οΈ And what's with the "oh no, NTLMv1 is insecure" hype? It's not like it's a new protocol or anything... everyone knew about its weaknesses back in 1999. Let's not be too hard on the old tech just because it's been around for decades. πŸ’»
 
🚨 I'm getting a major security headache just reading this... A rainbow table that can crack weak admin passwords in under 12 hours? That's not exactly 'nudging' people into upgrading, that's basically holding their hand and saying "hey, you're doing it all wrong". $600 for consumer hardware is still not cheap. And honestly, I'm kinda impressed they made it possible to brute-force these weak passwords so easily. What's next, a 'how to' guide on making a decent password? πŸ€¦β€β™‚οΈ We need to stop relying on outdated tech and start taking security seriously! πŸ’»
 
OMG you guys πŸ”₯, I'm literally shaking my head over here! Can't believe some orgs are still rockin' that outdated NTLMv1 πŸ€¦β€β™‚οΈ. It's been out since the 90s and we know it's a security nightmare πŸ’€. Like, come on folks! Mandiant just dropped this rainbow table thingy that can crack those weak admin passwords in under 12 hours using consumer hardware costing less than $600 😲. That's crazy quick! πŸš€

And honestly, I'm not surprised many orgs are still using it because inertia is a real thing πŸ’ͺ. Microsoft has been trying to get rid of it for years but people just don't wanna move on ⏱️. Meanwhile, hackers are having a field day exploiting this weakness 😈.

I feel bad for all the security pros out there who have to deal with these vulnerable orgs 🀯. Mandiant's move is actually kinda awesome though - it's like they're providing a service to help orgs see just how insecure NTLMv1 really is πŸ”. Maybe now people will listen and start making changes πŸ”„.

Anyway, just a heads up to all the sensitive network users out there: if you haven't disabled your Net-NTLMv1 yet, do it ASAP 🚨!
 
Ugh, I'm so tired of weak admin passwords πŸ€¦β€β™‚οΈπŸ’»! Like, come on people, we've known about these vulnerabilities for ages πŸ’‘ #NTLMv1 is like a ticking time bomb just waiting to be exploited πŸ”₯ And now Mandiant's released this rainbow table that can crack them in under 12 hours πŸ•°οΈ using hardware that's actually accessible to most security teams πŸ’Έ That's some serious firepower πŸ’£

I'm not surprised, though - the fact that NTLMv1 is still widely used in some sensitive networks is just mind-boggling 🀯 It's like, we've got the tools and the knowledge to fix this, but sometimes inertia just wins out 😩 And let's be real, who wants to be the one explaining to the CEO why their network got hacked because they didn't take security seriously enough? 😳 #SecurityMatters #GetItTogether
 
You must log in or register to reply here.
Back
Top