Free Republic
Browse · Search
General/Chat
Topics · Post Article

To: taxcontrol

No one is gonna crack a password unless you are a target specifically. With millions of hacked passwords for sale for a few dollars each, why would anyone waste time cracking one unless you are a specific target? And, if you are, they are gonna get you some other way.


24 posted on 04/25/2018 12:58:53 PM PDT by anton
[ Post Reply | Private Reply | To 14 | View Replies ]


To: anton

Allow me to give you a real world example that is counter to your point.

During an active pen test of a bank, I walked the outside of the building and noticed that one of the doors did not shut all the way. I walked up to the door and pushed it open. That let me into a hallway that had a printer. The printer was connected to both power and a wall plate that had an active Ethernet port. I took my wifi extender, and plugged it into the second port and sure enough got a connection. The wifi extender was configured to allow me to access that port via the wifi link. So I went back outside, pulled my car into the parking lot (Wendy’s I think) that was opposite the door. I jumped on the laptop, connected to my wifi device and I was on their branch office network.

This particular branch also had a guest wifi for their customers and an internal wifi for their conference rooms. Now I know how lazy IT people can be so I figured I would crack the wifi password and try to use the same password to get to the switch. So I set the wifi up to require someone to log in. It is basically a reset packet that dumps the wifi connection. Most users don't notice it because the default configuration is to attempt to reestablish connection by logging back in. I didn't care who it was because I just wanted to get a copy of the hash. Sure enough, I was able to grab a trace of their connect request and the hash is contained in that request.

Using my Verizon 4G hot spot, I sent that hash back to my cracking rig and had the wifi password in less than 10 min. I don't know exactly how long it took because I went into a coffee shop for a coffee after I sent over the hash. Once I had that password, I went back to the connection that I had put in and sure enough, the infrastructure ... all of the switches, used the same password. Now I could see the branch’s traffic. Every single connection. A simple reconfiguration of the switch and now my wifi connection would receive a copy of any person’s traffic that I wanted to see. From there, using a similar trick as the wifi reset, I executed a TCP reset on someone’s traffic, captured the hash that was sent across the network, and sent that hash to my cracking rig.

So before lunch, I had user credentials and their password and a connection to the backbone along with the infrastructure password. The infrastructure password was “Yankees11!”

No one challenged me.
No one stopped me.
Heck, I didn't even see anyone in the hallway.
After lunch I contacted my security contact and asked if any alarms were going off. Nope, not one.

Owned in less than 4 hours.

Granted, that is the exception rather than the rule and I have purposely left out some details. But I did not target any user. I just cracked the passwords of those that were easy to obtain.


25 posted on 04/25/2018 2:22:01 PM PDT by taxcontrol (Stupid should hurt)
[ Post Reply | Private Reply | To 24 | View Replies ]
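A defender-side counterpart to the forced-reconnect trick described in the post above, added here as an example and not code from the thread: it scans decoded 802.11 management frames for deauthentication bursts, the kind of signal the security contact's alarms never raised. The frame records, MAC addresses and thresholds are constructed for the example.

```python
"""Deauthentication-burst detector over decoded 802.11 management frames.

Assumes frames have already been decoded (e.g. from a monitor-mode capture)
into (timestamp_seconds, subtype, source_mac, destination_mac) tuples.
Management-frame subtypes: 0x0C = deauthentication, 0x0A = disassociation.
Note: WPA3 / 802.11w Protected Management Frames reject unauthenticated
deauth frames outright; this detector is for networks that lack it.
"""
from collections import defaultdict, deque

DEAUTH, DISASSOC = 0x0C, 0x0A
BEACON = 0x08

# Constructed sample capture: a spoofed AP address blasts eight deauths at
# the broadcast address within 0.7 s (a forced-reconnect attempt), while a
# second AP sends one legitimate disassociation to a single client later.
FAKE_AP = "00:11:22:33:44:55"      # constructed address
REAL_AP = "66:77:88:99:aa:bb"      # constructed address
BCAST = "ff:ff:ff:ff:ff:ff"
SAMPLE_FRAMES = [(9.5, BEACON, REAL_AP, BCAST)] + [
    (10.0 + i / 10, DEAUTH, FAKE_AP, BCAST) for i in range(8)
] + [(30.0, DISASSOC, REAL_AP, "de:ad:be:ef:00:01")]


def find_deauth_bursts(frames, threshold=5, window=2.0):
    """Return {source_mac: burst_start_time} for every source that emits more
    than `threshold` deauth/disassoc frames inside any `window` seconds.

    A healthy AP sends these frames rarely and one at a time; a sliding-window
    burst from one address is the fingerprint of a forced reconnect.
    """
    recent = defaultdict(deque)   # per-source timestamps inside the window
    alerts = {}
    for ts, subtype, src, _dst in sorted(frames):
        if subtype not in (DEAUTH, DISASSOC):
            continue              # beacons, probes, etc. are irrelevant here
        q = recent[src]
        q.append(ts)
        while q and ts - q[0] > window:
            q.popleft()           # drop timestamps that fell out of the window
        if len(q) > threshold and src not in alerts:
            alerts[src] = q[0]    # record when the burst began
    return alerts


if __name__ == "__main__":
    for src, started in find_deauth_bursts(SAMPLE_FRAMES).items():
        print(f"deauth burst from {src} starting at t={started:.1f}s")
```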
