By Mike S
Just before the holiday weekend, as their final act of defiance in 2011, AntiSec supporters published nearly a million records taken during the Christmas Eve attack on Strategic Forecasting Inc. The Tech Herald has examined the list of 860,160 passwords hashes that were leaked, and the results of our tests were both expected and pitiful.
We’re sorry to report that the state of password management and creation is still living in the Dark Ages.
The first half of the report describes their methodology, and the latter half describes the passwords they’ve cracked.
Do your employees or customers use passwords like these? How do you know?
By Mike S
A while ago, Dave Hoelzer did a nice video on how to use Windows PowerShell to hack domain user accounts. Basically, Dave leveraged PowerShell commands which any domain user can execute on a domain and receive either a positive and negative response based on the legitimacy of the username and password combination. This got me thinking. Since I’m not typically handed, or able to spawn, a PowerShell right from the get go, what else could I use to accomplish the same goal? The answer is attempting to connect to the IPC$ share of a domain controller. Using the following command, you can spray a huge list of domain users with a small number of passwords (to avoid lockout) and try to catch someone using something simple.
@FOR /F %n in (names.txt) DO @FOR /F %p in (passwords.txt) DO @net use \\DC01 /user:mydomain\%n %p 1>NUL 2>&1 && @echo [*] %n:%p && @net use /delete \\DC01\IPC$ > NUL
WARNING: Make sure the number of passwords in your file is less then that of the account lockout policy.
And the other obligatory warning – make sure you have approval from Corporate before trying this.
via PaulDotCom: Archives.
By Mike S
Something to be aware of:
A security researcher has discovered that changes to Directory Services in Lion make it much easier to access and potentially crack hashed user passwords. Worse yet, it is possible for any user to change any currently logged in user’s password, making it much easier to gain root remotely.
By Mike S
Yet another reason to keep your WiFi secured: psycho-nutball neighbors:
Barry Ardolf, 46, repeatedly hacked into his next-door neighbors’ WiFi network in 2009, and used it to try and frame them for child pornography, sexual harassment, various kinds of professional misconduct and to send threatening e-mail to politicians, including Vice President Joe Biden.
Ardolf downloaded WiFi hacking software and spent two weeks cracking the Kostolnik’s WEP encryption.
Step 1: Do not use WEP. It is easy to crack, and there’s plenty of documentation on the subject, as illustrated by the suspect’s library:
The FBI got a search warrant for Ardolf’s house and computer, and found reams of evidence, including copies of data swiped from the Kostolniks’ computer, and hacking manuals with titles such as Cracking WEP Using Backtrack: A Beginner’s Guide, Tutorial: Simple WEP Crack Aircrack-ng, and Cracking WEP with BackTrack 3 – Step by Step instructions. They also found handwritten notes laying out Ardolf’s revenge plans, and a cache of snail mail that Ardolf had apparently stolen from the Kostolniks’ mailbox and stashed under his bed.
Kick your encryption up to WPA2 at least, and use a nice long key with many different types of characters and symbols.
And if you don’t actually have wireless devices in your home, turn off the radio!