Winlogon Password Leaking
The flow is:
— user enters password
— winlogon loads mpnotify.exe
— mpnotify opens RPC channel
— winlogon sends pass via RPC
— mpnotify forwards to DLL
— DLL stores it on disk
https://github.com/gtworek/PSBits/tree/master/PasswordStealing/NPPSpy
#winlogon #password #leak #redteam
Extracting passwords from hiberfil.sys
When in password hunting mode with access to the target's filesystem, most people reach for the SAM and/or extract cached credentials. Often overlooked are hiberfil.sys, virtual machine snapshots and memory dumps, which usually contain passwords in plain text.
https://diverto.github.io/2019/11/05/Extracting-Passwords-from-hiberfil-and-memdumps
#hiberfil #dump #password
Password Spraying and MFA Bypasses
https://www.sprocketsecurity.com/blog/how-to-bypass-mfa-all-day
#ntlm #password #spraying #o365 #exchange #mfa
Sprocket Security
Password spraying and MFA bypasses in the modern security landscape
Any offensive security operator will tell you that guessing employee credentials is key to compromising your customer’s network – and therefore highlighting vulnerabilities – during a cyber-security engagement. The thing is, it’s easier said than done as…
CredMaster
Launch a password spray / brute force attack via Amazon AWS passthrough proxies, shifting the requesting IP address for every authentication attempt. This dynamically creates FireProx APIs for more evasive password sprays.
The following plugins are currently supported:
— OWA
— EWS
— O365
— O365Enum
— MSOL
— Okta
— FortinetVPN
— HTTPBrute
— ADFS
— AzureSSO
https://github.com/knavesec/CredMaster
#owa #o365 #adfs #password #spraying
⚙️ Psudohash — Password List Generator For Orchestrating Brute Force Attacks
This is a password list generator for orchestrating brute force attacks. It imitates certain password creation patterns commonly used by humans, like substituting a word's letters with symbols or numbers, using char-case variations, adding a common padding before or after the word and more.
https://github.com/t3l3machus/psudohash
#wordlist #password #generator #bruteforce
Forwarded from Offensive Xwitter
😈 [ Steph @w34kp455 ]
Call it the biggest #NTLM #password database or monstrous #MD5 leak, but on, you can find precomputed datasets for various wordlists and different hashes - all free!
FYI:
all_in_one.latin.txt for NTLM contains 26.5 billion pairs of hash:password inside!🔥
🔗 http://weakpass.com
🐥 [ tweet ]
🎯 SpearSpray
Advanced password spraying tool for Active Directory environments. Combines LDAP user enumeration with intelligent pattern-based password generation. Uses Kerberos pre-authentication and leverages user-specific data (pwdLastSet, displayName) to create personalized passwords per user.
🔗 Source:
https://github.com/sikumy/spearspray
#ad #password #spraying #kerberos #bloodhound