
Crack Weak Admin Passwords in 12 Hours with Mandiant’s New Tool

Summary

– Mandiant has released a publicly accessible rainbow table database to crack passwords protected by the outdated NTLMv1 hash algorithm.
– This tool allows anyone, including security professionals and malicious hackers, to recover passwords in under 12 hours using inexpensive consumer hardware.
– The release aims to pressure organizations still using NTLMv1 by making it easier to demonstrate its insecurity.
– NTLMv1 remains in use on sensitive networks due to legacy application dependencies, migration costs, and organizational inertia.
– The database specifically targets Net-NTLMv1 passwords used for network authentication, such as accessing SMB file sharing.

Security professionals now have a powerful new resource to demonstrate the critical vulnerabilities of an outdated authentication protocol. Mandiant, a leading cybersecurity firm, has publicly released a specialized database designed to crack passwords protected by the deprecated NTLMv1 hash algorithm in under 12 hours. This move aims to push organizations still using the weak protocol to finally upgrade their security, as the tool dramatically lowers the technical and financial barriers for cracking these passwords using readily available consumer hardware.

The database is a precomputed rainbow table, a massive list of hash values paired with their original plaintext passwords. These tables allow someone to quickly reverse a stolen hash back to the actual password used to create it. While rainbow tables for NTLMv1 have existed for roughly twenty years, they traditionally demanded significant computing resources to be practical. Mandiant’s new offering changes that equation entirely. Hosted on Google Cloud, the table enables defenders, researchers, and inevitably malicious actors to recover Net-NTLMv1 passwords used for network authentication, such as accessing SMB file shares, with hardware costing less than $600.

The persistence of NTLMv1 in some of the world’s most sensitive networks remains a serious concern, given its well-documented flaws. The algorithm’s limited keyspace makes creating effective rainbow tables relatively straightforward. Organizations often delay migration due to reliance on legacy applications in sectors like healthcare and industrial control, which are incompatible with modern hashing methods. The perceived cost and operational downtime required to update mission-critical systems also contribute to the inaction, alongside general organizational inertia and budget constraints.
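Before a migration can be planned, a team needs to know which accounts and hosts still authenticate with NTLMv1. The sketch below is an added example, not from Mandiant or the original article: it tallies NTLMv1 logons from Windows Security event 4624 records in XML form, keyed on the `LmPackageName` field. The function names, accounts, hosts and IP addresses are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from collections import Counter

NS = "{http://schemas.microsoft.com/win/2004/08/events/event}"

def parse_event(xml_text):
    """Return (event_id, {field: value}) for one event record in XML form."""
    root = ET.fromstring(xml_text)
    event_id = root.findtext(f"{NS}System/{NS}EventID")
    data = {d.get("Name"): (d.text or "") for d in root.iter(f"{NS}Data")}
    return event_id, data

def ntlmv1_sources(events):
    """Count successful NTLMv1 logons per (account, workstation, source IP)."""
    hits = Counter()
    for xml_text in events:
        event_id, d = parse_event(xml_text)
        if event_id != "4624":  # 4624 = an account was successfully logged on
            continue
        # LmPackageName is only populated for NTLM-family logons.
        if d.get("LmPackageName", "").strip().upper() != "NTLM V1":
            continue
        key = (d.get("TargetUserName"), d.get("WorkstationName"), d.get("IpAddress"))
        hits[key] += 1
    return hits

def make_event(event_id, **fields):
    """Build a minimal constructed event record for the sample data below."""
    data = "".join(f'<Data Name="{k}">{v}</Data>' for k, v in fields.items())
    return ('<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">'
            f"<System><EventID>{event_id}</EventID></System>"
            f"<EventData>{data}</EventData></Event>")

# Constructed sample records (not real log data).
SAMPLE = [
    make_event(4624, TargetUserName="svc_scan", WorkstationName="HMI-07",
               IpAddress="10.0.5.21", LmPackageName="NTLM V1"),
    make_event(4624, TargetUserName="svc_scan", WorkstationName="HMI-07",
               IpAddress="10.0.5.21", LmPackageName="NTLM V1"),
    make_event(4624, TargetUserName="alice", WorkstationName="WS-114",
               IpAddress="10.0.2.14", LmPackageName="NTLM V2"),
    make_event(4624, TargetUserName="bob", WorkstationName="-",
               IpAddress="10.0.2.30", LmPackageName="-"),  # Kerberos logon
    make_event(4624, TargetUserName="legacy_app", WorkstationName="PACS-01",
               IpAddress="10.0.9.8", LmPackageName="NTLM V1"),
    make_event(4634, TargetUserName="svc_scan"),  # logoff, ignored
]

if __name__ == "__main__":
    for (user, host, ip), n in ntlmv1_sources(SAMPLE).most_common():
        print(f"{n:3d}  {user:12s} {host:10s} {ip}")
```

The resulting list of account and host pairs is the inventory of legacy dependencies that has to be resolved before NTLMv1 can be disabled.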

Mandiant states that its goal is to empower security teams by providing a clear, accessible demonstration of the protocol’s insecurity. Previously, exploiting NTLMv1 often meant sending sensitive data to third-party cracking services or investing in expensive hardware for brute-force attacks. By making this tool available, the firm highlights the urgent and tangible risk, hoping to catalyze long-overdue security upgrades across various industries.

(Source: Ars Technica)
