Certified Ethical Hacker (CEH v12) — Question 133

An ethical hacker is attempting to crack NTLM hashed passwords from a Windows SAM file using a rainbow table attack. He has dumped the on-disk contents of the SAM file successfully and noticed that all LM hashes are blank. Given this scenario, which of the following would be the most likely reason for the blank LM hashes?

Answer options

• A. The SAM file has been encrypted using the SYSKEY function.
• B. The passwords exceeded 14 characters in length and therefore, the LM hashes were set to a “dummy" value.
• C. The Windows system is Vista or a later version, where LM hashes are disabled by default.
• D. The Windows system is using the Kerberos authentication protocol as the default method.

Correct answer: C

Explanation

The correct answer is C because starting from Windows Vista, LM hashes are disabled by default to enhance security. Options A, B, and D are incorrect because SYSKEY does not specifically lead to blank LM hashes, longer passwords do not affect LM hashes in this context, and the use of Kerberos does not directly relate to the presence of LM hashes.