Protecting Against Stolen Network Hashes and Cracked Weak Passwords
Network share requests, common for collaboration and file sharing, are often exploited through a combination of stolen network hashes and weak passwords.
Joseph Carson demonstrates a common technique cybercriminals can use to launch a cyberattack on your organization - so you can better protect yourself.
Summary of Transcript:
Another common technique for attackers to gain access to your environments and steal your credentials is using tools like Responder, which responds to NetBIOS and LLMNR responses. If they're enabled on the network, it allows Responder to respond to network share requests, for example.
If I execute Responder, it's listening for different events and requests from machines. During the day, employees are going to try and connect to network shares for various different methods and means. if an employee looks for network share, my machine is going to pretend to respond that I've got that network share on my machine here.
I'm already responding, doing LLMNR poisoning, answering to that and saying, "If you want to gain access to the network share, it's over here on my machine. Simply just pass me your network NTLM hash, and I will give you access."
I'm going to get the hash, but I'm not going to give them access, because I don't have that share available. Here we can see that the machine's already responded with its hash and I can take that offline and attempt to crack it.
So here I'm going to take it over to my machine, I've already put it into this hash patchy file. This is the actual NTLM hash itself. And if weak credentials, user-created credentials, or reused credentials that have been previously compromised, it's very easy for attackers to crack those.
So in this case, I'm going to use hashcat in mode 5600, which is network NTLM and then try to crack this hash patchy. After a few moments, I've been able to get the clear text password by cracking this really weak password.
It's important you protect your organization against this common technique.
#cybersecurityexpert #cybersecurity
Joseph Carson demonstrates a common technique cybercriminals can use to launch a cyberattack on your organization - so you can better protect yourself.
Summary of Transcript:
Another common technique for attackers to gain access to your environments and steal your credentials is using tools like Responder, which responds to NetBIOS and LLMNR responses. If they're enabled on the network, it allows Responder to respond to network share requests, for example.
If I execute Responder, it's listening for different events and requests from machines. During the day, employees are going to try and connect to network shares for various different methods and means. if an employee looks for network share, my machine is going to pretend to respond that I've got that network share on my machine here.
I'm already responding, doing LLMNR poisoning, answering to that and saying, "If you want to gain access to the network share, it's over here on my machine. Simply just pass me your network NTLM hash, and I will give you access."
I'm going to get the hash, but I'm not going to give them access, because I don't have that share available. Here we can see that the machine's already responded with its hash and I can take that offline and attempt to crack it.
So here I'm going to take it over to my machine, I've already put it into this hash patchy file. This is the actual NTLM hash itself. And if weak credentials, user-created credentials, or reused credentials that have been previously compromised, it's very easy for attackers to crack those.
So in this case, I'm going to use hashcat in mode 5600, which is network NTLM and then try to crack this hash patchy. After a few moments, I've been able to get the clear text password by cracking this really weak password.
It's important you protect your organization against this common technique.
#cybersecurityexpert #cybersecurity
Тэги:
#Password_security #password_cracking #cyberattack #network_sharing #DelineaКомментарии:
![morgenshtern - ice [slowed + reverb]](https://invideo.cc/img/upload/SUFfd2lCZFR5UEo.jpg "morgenshtern - ice [slowed + reverb]")
Rope Manoeuvres - Edge Obstruction (at the top)
Arco Professional Safety Services
Який мінітрактор на 40 сил вибрати - Огляд ДТЗ 5404 та Кентавр 404
РАЗВИЛКА - РЕАЛЬНІ ОГЛЯДИ ТРАКТОРІВ
Great Ways to Start Your Massage - ABMP Student Life
Associated Bodywork & Massage Professionals | ABMP
Заявления террористов штурм реакция Путина что известно о захвате колонии в Волгоградской области
RTVI Новости
22 часа назад
Lp Сердце Вселенной 1 НАЧАЛО ПУТЕШЕСТВИЯ Новый сезон Майнкрафт
MrLololoshka (Роман Фильченков)
1 день назад
ФАНАТКА ГУРАМА АМАРЯНА большоешоу 9сезон юленька куруч амарян юмор Mediumquality мусагалиев
Азамат Мусагалиев
1 день назад
Новые Русские Бабки танцуют под хит Дарите женщинам цветы Смешной флешмоб вместе с Jazzdauren
Новые русские бабки
1 день назад
