Kerberos – NTLM Password Hashes – Questions!
I have worked as a system administrator mainly on Widnows Server for some years now. Over the course of time I've always had a hard time trying to fully understand how Kerberos work. For about 3 weeks as of now I have been informing and studying ethical hacking, this involves Kerberoasting of course.
Now, one of the things I have noticed by reading articles, watching videos and all that, is that you can either get NT Hashes (pass-the-hash) or get Kerberos tickets for services depending on the scenario.
https://book.hacktricks.xyz/windows-hardening/active-directory-methodology/kerberos-authentication
This is one of the phases Kerberos has, as you can see the TGT is signed by the KDC using the NT Hash of the krbtgt account, the other portion for the user which contains session key, TGT expiration time and a nonce, is encrypted by the user NT Hash.
Then we have TGS-REP (I know I skipped steps), which uses the service account hashed password and session key is generated.
There's two keys in Kerberos, the user encryption key, and the session key, which are encrypted using for example RC4, DES or AES128 and AES256.
However, when the password of the user or service is encrypted, is not the actual password that's encrypted but the actual NT Hash of the password, which in theory are NTLM passwords. These are the same hashes compared when doing a cached logon against the local SAM, or even when access services over the network using IP addresses instead of hostname hence doing NTLM.
Now, according to the following article and others I've read about NTLM; NTLMv1 uses DES as a hashing algorithm and NTLMv2 uses MD5, which quite frankly are considered old on these days:
https://book.hacktricks.xyz/windows-hardening/ntlm
Modern operating systems use SHA-1 or even SHA-256 as a hashing algorithm, in fact, TLS sessions cipher suites (the modern ones) also use SHA for hashing the data packets.
My question at this point is...if NTLM (1 and 2) use old algorithms for password hashing...how are newer operating systems or even systems with DES and MD5 disabled either through registry (it can be done as well as restrcting cipher suites for TLS) or per application able to decrypt NTLM hashes? This would apply for local logons as well as file shares over the network by IP (just to name one). I understand that Kerberos would not do it as it never actually hashes the password or unhash it.
The Kerberos RFC here talks about PBKDF2 and Wikipedia says it's a way to generate keys:
https://datatracker.ietf.org/doc/html/rfc3962#section-4
https://en.wikipedia.org/wiki/PBKDF2
I am trying to get my head around this as basically owning NTLM hashes gives you all the power over a domain if you can get a ticket or login with a domain admin and at this point I even think the extra security in Kerberos is not being benefitial.
Please shed some light over here! I'd appreciate it so much.
