In 2014 Microsoft published a patch to resolve an issue which caused administrative credentials to be stored insecurely in a location reachable by any user on the Windows domain. Many administrators patched the flaw, but failed to read the release notes instructing them how to remove the already saved credentials. This flaw was tracked as MS14-025. Answer the following questions, needed to take advantage of this flaw: Where did group policy store these passwords? Use of a static AES key for all users made this system weak. What was the actual key used? Are there tools available to decrypt these passwords? If so name at least one.
Group Policy objects in your domain can have preferences that store passwords for different tasks, such as the following:
1. Data Sources
2. Drive Maps
3. Local Users
4. Scheduled Tasks (both XP and up-level)
5. Services
The cpassword attribute is the field in the Group Policy Preferences XML configuration file that contains the encrypted password. Because these are plain XML files, the field is very easy to find by simply looking at the contents of the XML files stored in your SYSVOL share.
This means that any authenticated user can open the Group Policy Preference XML file with the encrypted password and decrypt it using the AES key posted on MSDN. This AES key is part of every Windows computer that is Group Policy Preferences capable.
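Because the patch stops new cpassword values from being written but leaves existing ones in SYSVOL, the practical follow-up for an administrator is to audit the Preferences XML files and delete or recreate every item that still carries the attribute. The script below is an added example, not part of the original answer: it parses each Preferences XML file, reports every element that has a cpassword attribute (type, item name and account), and walks a SYSVOL directory or an offline copy of it. It deliberately does not decrypt anything; the presence of the attribute is the finding. The sample Groups.xml, its placeholder clsid/uid values and the placeholder cpassword value are constructed for this example.

```python
"""Audit Group Policy Preference XML files in SYSVOL for leftover cpassword
attributes (MS14-025 clean-up).  Added example, not the original page's code."""
import os
import tempfile
import xml.etree.ElementTree as ET

# Attribute names that identify the account a preference item applies to,
# as used by the different preference types (users, drives, tasks, services).
ACCOUNT_ATTRS = ("userName", "username", "runAs", "accountName")

# Constructed sample modelled on the Groups.xml layout.  The clsid/uid values
# and the cpassword value are placeholders, not real identifiers or ciphertext.
SAMPLE_GROUPS_XML = """<?xml version="1.0" encoding="utf-8"?>
<Groups clsid="{PLACEHOLDER-GROUPS-CLSID}">
  <User clsid="{PLACEHOLDER-USER-CLSID}" name="LocalAdmin" changed="2014-01-15 10:00:00" uid="{PLACEHOLDER-UID-1}">
    <Properties action="U" newName="" fullName="" description="" cpassword="PLACEHOLDER_CPASSWORD_VALUE" changeLogon="0" noChange="1" neverExpires="1" acctDisabled="0" userName="LocalAdmin"/>
  </User>
  <User clsid="{PLACEHOLDER-USER-CLSID}" name="Guest" changed="2014-01-15 10:00:00" uid="{PLACEHOLDER-UID-2}">
    <Properties action="U" newName="" fullName="" description="" acctDisabled="1" userName="Guest"/>
  </User>
</Groups>
"""


def find_cpassword_entries(xml_text, source="<string>"):
    """Return one finding dict per element whose <Properties> child carries a
    cpassword attribute.  The cpassword value itself is not returned; only
    whether it is non-empty, which is enough to confirm a stored password."""
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        # Malformed XML is reported rather than silently skipped.
        return [{"file": source, "error": str(exc)}]
    findings = []
    for elem in root.iter():
        props = elem.find("Properties")
        if props is None or "cpassword" not in props.attrib:
            continue
        account = next((props.attrib[k] for k in ACCOUNT_ATTRS if k in props.attrib), "")
        findings.append({
            "file": source,
            "type": elem.tag,                      # e.g. User, Drive, Task, NTService
            "name": elem.attrib.get("name", ""),   # the preference item's display name
            "account": account,
            "cpassword_present": props.attrib["cpassword"] != "",
        })
    return findings


def audit_sysvol(root_dir):
    """Walk a SYSVOL tree (or an offline copy) and audit every .xml file that
    sits under a Preferences folder.  Returns the combined list of findings."""
    findings = []
    for dirpath, _dirs, files in os.walk(root_dir):
        if "Preferences" not in dirpath.split(os.sep):
            continue
        for fname in files:
            if not fname.lower().endswith(".xml"):
                continue
            path = os.path.join(dirpath, fname)
            # utf-8-sig strips the BOM that Group Policy writes at the start of the file.
            with open(path, encoding="utf-8-sig", errors="replace") as fh:
                findings.extend(find_cpassword_entries(fh.read(), path))
    return findings


def demo():
    """Write the constructed sample into a temporary SYSVOL-like layout
    (Policies/<GPO GUID>/Machine/Preferences/Groups/Groups.xml) and audit it."""
    with tempfile.TemporaryDirectory() as tmp:
        gpo_dir = os.path.join(tmp, "Policies", "{PLACEHOLDER-GPO-GUID}",
                               "Machine", "Preferences", "Groups")
        os.makedirs(gpo_dir)
        with open(os.path.join(gpo_dir, "Groups.xml"), "w", encoding="utf-8") as fh:
            fh.write(SAMPLE_GROUPS_XML)
        return audit_sysvol(tmp)


if __name__ == "__main__":
    for finding in demo():
        print(finding)
```

Run it against a copy of the domain's SYSVOL share (or point `audit_sysvol` at the mounted share on a domain controller); every line of output is a preference item that still stores a password and should be removed or recreated without one, as the patch's release notes direct.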