Jack Rhysider
Maybe add in their own word list, such as the company name or mascot or city or address or person's name or kid's name. If no luck there, then... Try every word in the dictionary, but add numbers to the end of it and maybe mix it up a little bit and see if that works. And just try tons of combinations. And pretty much all the stuff I've listed so far probably only takes like a few hours or less.
Now, after the tool has tried all this, it just then starts going through every single possible character combination in the world, such as AAA, AAB, AAC, AAD. So this combination of finding a username and password hash from Responder and then trying to crack it in Hashcat could take hours or even days, since it's about waiting and timing and maybe brute forcing the password.
So in the meantime, he's looking around the network to see what else is there. A good place to start is Nmap. Nmap is a basic tool that you can use to quickly scan the network to see what's there. It'll basically ping every IP address in the network to see what responds. And if any do, then it'll try to see if that host has any open ports.
Then Nmap will spit out a report saying, here are all the computers on the network that I found to be alive, and these are their open ports. Exactly, yeah.
So there's a lot of stuff going on at once. He's got these background tasks running to try to get more usernames and hashes, and he's also trying to crack the hash he's got.
Boom. He cracked the password. Yes. But who is this user? Are they just like a low-level user? Or are they a system admin? He has to find out. And to do that, he logs into a computer on the network to see what his access is. And it's a normal user with no special privileges.
Let's just say it was an inappropriate place to put a camera in an office if that lady wasn't aware of it. Joe knew that what he was looking at was potentially going to get someone fired. So he had to proceed with caution here.
It's interesting to stumble upon this as a security consultant, since it's not really a network security issue. It's more of a see something, say something issue. Like, do you even put this in the final security report? Joe went on to complete the pen test, and he found some misconfigurations in Active Directory, which gave him administrator access, which pretty much gives him keys to the kingdom.
The network admin can reset anyone's password, see all shared drives, probably even read everyone's email. So he put all this into a report and delivered his findings on the final call.
Yeah, as far as like your success rate, I mean, you're always going to find something, even if it's like a CVSS level three. But I mean, as far as just success rate of just like owning the whole network and gaining access to sensitive systems, getting half the users' passwords in the whole organization, that kind of thing, is that fairly high?
Do you feel pretty confident like, yeah, I'll probably be able to own this network?