Backend documentation?

Yoann Gini yoann.gini at
Sat Apr 13 18:00:03 MDT 2013

Le 13 avr. 2013 à 14:58, Simo <idra at> a écrit :

>> cmusaslsecretSMBNT: 4039730E1BF6E10DD01EAAC983DB4D7C40A0C1609E7F0000206A7A0D01
>>  000000
> This is your user alice NT password apparently, the format looks slightly odd, but if it is a RC4-HMAC as it should you should be able to use it pretty easily with pdb_ldap or a modification of it.

Like I’ve said, 4039730E1BF6E10DD01EAAC983DB4D7C40A0C1609E7F0000206A7A0D01000000 is the saved version of the word alice, and the NT Hash of the word alice is 4039730E1BF6E10DD01EAAC983DB4D7C, the first part of the string.

I’m wonder what is the rest, 40A0C1609E7F0000206A7A0D01000000 but at least I’ve the NT Hash. The LM would be 03AE564CFCE123E3AAD3B435B51404EE so it’s not that.

> Now tell Alice to change her password if it is a real user. A NT hash is a clear text equivalent over SMB so her account is basically compromised by having revealed the hash.

Don’t worry, it’s a demo user on a demo system.

More information about the samba-technical mailing list