hashing - enabling LM hash in Windows 7

24
2014-04
  • Matt

    Is there any way to enable/convert an NTLM hash for a user account on Windows 7 to a LM hash? I know it's not secure, but I am trying to test something. Is it even possible?

  • Answers
  • grawity

    NT hashes are NTLM hashes.

    If you meant LM hashes, you can enable them via Group Policy (secpol.msc), but the changes will only apply after setting a new password – you cannot convert an existing hash to a weaker one. (This should be somewhat obvious, since the hashing would be entirely pointless if that was possible.)


  • Related Question

    ntlm - Can I get Chrome to work with sites that use windows integrated security?
  • Questioner

    I've had success altering about:config in firefox to get firefox to work with certain intranet sites that use windows integrated security. Is there something like about:config in Chrome? Is there some other way to change a setting to enable windows integrated security (NTLM) in Chrome?


  • Related Answers
  • Joel Coehoorn

    To summarize the link provided by @Vivek Kodira, you can to set a proxy server on your local machine that will do the authentication on behalf of Chrome. Then it's not Chrome that does the authentication, it's the proxy, but Chrome doesn't know that.

  • Myster

    Chrome has been updated (version 5+) has the following:
    In windows it integrates with intranet zones setting in 'internet options'

    In Windows only, if the command-line switch is not present, the permitted list consists of those servers in the Local Machine or Local Intranet security zone (for example, when the host in the URL includes a "." character it is outside the Local Intranet security zone), which is the behavior present in IE.

    If a challenge comes from a server outside of the permitted list, the user will need to enter the username and password.

    For other OS's, you can use the command line switch:

    --auth-server-whitelist="*example.com,*foobar.com,*baz"
    

    source: https://sites.google.com/a/chromium.org/dev/developers/design-documents/http-authentication

  • opensas

    well it's a known problem... it should be fixed in future versions...

    http://code.google.com/p/chromium/issues/detail?id=19 http://code.google.com/p/chromium/issues/detail?id=6824

  • Mike Powell

    It's scheduled for inclusion in Milestone 5:

    http://www.chromium.org/developers/design-documents/network-stack

  • Vivek Kodira

    Googling produces a few links that suggest otherwise. The first result however (link) suggests a hack. Hope it is useful:).

  • Rodrigo Coacci

    I've found out that some proxy servers (Websense in my case) have configurations concerning the user-agent. And they actively block NTLM auth even when requested by the browser if the user-agent is not recognized (or matches some list, dunno). For example in my company, setting chrome's user-agent to a Firefox user-agent magically makes NTLM authentication work. I suggest everyone having NTLM auth problems to try changing their chrome's UA to the one of a working browser (IE ou Firefox) and see if it works. If it does, blame your company's sysadmins for doing this.

  • Seasoned Advice (cooking)

    Help get this fixed: go to Google-Chrome known issues and report that you are having this issue also.