Re: Storing passwords in OSD

Tech-Archive recommends: Repair Windows Errors & Optimize Windows Performance

From: boomboom999@xxxxxxxxx
Date: 13 Mar 2006 14:27:45 -0800

boomboom999@xxxxxxxxx wrote:

I am wondering where this password is stored and how well it is
protected?

After some little research I have found that the passwords seem to be
stored in SMSDeploy.xml in the following format:

<Reserved1>469CF7AC7014AB8A88612F82E5889FE67AAC3FE8EA2D92D9DAA7F743EAEBF7975B62A12DAADDBE</Reserved1>

<Reserved2>E50A5B10C0A8083B2A8DD5FE6F8DAB5634BBC83B86DF3A9F34FB93FCBDD16781ED998D7571B40B</Reserved2>

<Reserved3>2BDBD538CCC9D8071AF06F61EB203744D5E49E31E7</Reserved3>

What is it? Is it hash values or some simple encoding like base64?
If it is hash values how can the workstation use them to join itself to
the domain?

.

Follow-Ups:
- Re: Storing passwords in OSD
  - From: Johan Arwidmark
- Re: Storing passwords in OSD
  - From: Michael Niehaus [MS]

References:
- Storing passwords in OSD
  - From: boomboom999

Prev by Date: Re: USMT process with OSD?
Next by Date: OSD/ZTI Reboot supressed during the "State Restore" phase
Previous by thread: Storing passwords in OSD
Next by thread: Re: Storing passwords in OSD
Index(es):
- Date
- Thread

Relevant Pages

XP breakin
... Hash: SHA1 ... It appears that someone is broken into my xp workstation and changed ... my passwords. ...
(comp.os.ms-windows.nt.admin.security)
Re: Password hashes
... NTLM hash as the key. ... There is however no locally stored NTLMV2 hash of passwords. ... Auditing and reviewing the security logs ... secure their network and data and the documentation to do such at TechNet ...
(microsoft.public.windowsxp.security_admin)
Re: Windows XP / 2K3 Default Users
... Cracking the 'passwords' has never been ... The gist of the 'technique' is the "Modifying Windows NT Logon Credential" ... existing windows applications that use the hash currently set to ... and then re-use those hashes to try to get authenticated access to other ...
(Pen-Test)
Re: Pidgin IM Client Password Disclosure Vulnerability.
... because we need to be able to generate the hash a given ... Some protocols can ask for different types of hashes at ... passwords stored in it ... lost, you have much bigger problems than lost IM passwords. ...
(Bugtraq)
Re: Decrypt fails
... I am creating a MD5 hash data and then using it to derive a key ... (CALG_RC2 encryption algorithm). ... My requirement concerns more with not storing passwords in plain ... > that he provided and compare it to the hash in the database. ...
(microsoft.public.platformsdk.security)