I've found that when we also dump the NTDS history, we can see that many people do simple increment like Tinker says, or other increments like Fall2019 to Winter2019.
Dumped NTDS.dit. Had everyone’s hash. Cracked majority of them and had their clear text password. Target forced password reset on all users. I took passwords that ended in a number, added 1 to that number, and gained access to that environment again.https://twitter.com/gcluley/status/1204721637666492417?s=20 …
-
-
-
That’s a great point! With NTDS.dit history, you know can get into people’s minds and see their password patterns. Guess future ones.
- Još 2 druga odgovora
Novi razgovor -
-
-
BTW finally caught up with your session on
@DarknetDiaries fabulous story. -
Cheers, Kate :)
Kraj razgovora
Novi razgovor -
-
-
Omfg that makes my heart cringe
- Kraj razgovora
Novi razgovor -
-
-
I'm still amazed this still works. Would think there should be away to restrict how and when that file can be interacted with. Also amazing
- Još 1 odgovor
Novi razgovor -
-
-
Hvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi
-
-
-
Why do we suck at this? Also in the vein of countermeasures in the wrong direction but still a direction - why the flying f#$k isn't that picked up/stopped by password policy! (going back to my coffee now)
-
Why do we suck at understanding human psychology? Lots of times we don't consider it because we're focused on technology. Why don't password systems detect password changed similar to previous ones? Because small changes in passwords leads to vast differences in their hashes
- Još 4 druga odgovora
Novi razgovor -
Čini se da učitavanje traje već neko vrijeme.
Twitter je možda preopterećen ili ima kratkotrajnih poteškoća u radu. Pokušajte ponovno ili potražite dodatne informacije u odjeljku Status Twittera.