Credential stuffing is a prevalent attack where attackers download large databases of stolen credentials and test them against various network services. Such leaks occur when a third-party service is hacked, leading to the theft of databases that are then made available online. Unfortunately, many users reuse passwords across different services, making organizations vulnerable to efficient credential stuffing attacks.
Note: Anyone, including you, can easily search the Internet for leaked databases containing credentials and passwords. It’s relatively simple to exploit this situation when individuals fail to change their passwords!
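One way to spot credential stuffing in authentication logs, as an added example that is not part of the original page: it flags any source that tries many distinct accounts within a short window and lists the accounts that logged in successfully from it. The log format, field names, thresholds and addresses are constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample auth log (format and field names are assumptions).
SAMPLE_LOG = """\
2024-05-01T10:00:01 src=203.0.113.7 user=alice result=FAIL
2024-05-01T10:00:03 src=203.0.113.7 user=bob result=FAIL
2024-05-01T10:00:05 src=203.0.113.7 user=carol result=FAIL
2024-05-01T10:00:08 src=203.0.113.7 user=dave result=OK
2024-05-01T10:00:11 src=203.0.113.7 user=erin result=FAIL
2024-05-01T10:01:00 src=198.51.100.4 user=frank result=FAIL
2024-05-01T10:01:20 src=198.51.100.4 user=frank result=FAIL
2024-05-01T10:01:45 src=198.51.100.4 user=frank result=OK
2024-05-01T10:02:00 src=192.0.2.10 user=grace result=OK
"""

LINE_RE = re.compile(r"^(\S+) src=(\S+) user=(\S+) result=(OK|FAIL)$")

def parse(log_text):
    """Yield (timestamp, source, user, succeeded) for each well-formed line."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:  # skip malformed lines instead of failing the whole run
            ts, src, user, result = m.groups()
            yield datetime.fromisoformat(ts), src, user, result == "OK"

def detect_stuffing(log_text, window=timedelta(minutes=5), min_users=4):
    """Map each flagged source to the accounts that logged in from it."""
    # Stuffing signature: many distinct accounts from one source in a short
    # window. Repeated failures on a single account do not match it.
    by_src = defaultdict(list)
    for event in parse(log_text):
        by_src[event[1]].append(event)
    findings = {}
    for src, events in by_src.items():
        events.sort(key=lambda e: e[0])
        start = 0
        for end in range(len(events)):
            # Slide the left edge until the span fits inside `window`.
            while events[end][0] - events[start][0] > window:
                start += 1
            in_window = events[start:end + 1]
            if len({e[2] for e in in_window}) >= min_users:
                hits = findings.setdefault(src, set())
                hits.update(e[2] for e in in_window if e[3])
    return {src: sorted(users) for src, users in findings.items()}
```

Accounts returned for a flagged source are the ones whose reused password worked, so they are the candidates for a forced reset and session revocation.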
Password Cracking is an offline attack that begins with attackers stealing password representations, typically stored as hashes, from a target. Hashes are generated using a one-way function, making them irreversible without cracking.
When attackers obtain stored credentials, those credentials are often protected by encryption or hashing. Password cracking uses the computing power of CPUs and GPUs to generate guesses until one matches the secured credentials obtained from the system.
Note: GPUs are generally more effective for password cracking due to their hundreds of micro cores, each capable of performing small tasks independently. This parallel processing enables password crackers to significantly accelerate their cracking efforts by distributing the workload across multiple cores.
By exploring unprotected applications, attackers can take advantage of features like search fields to find sensitive information. Many network applications can be accessed freely, often revealing valuable data. Therefore, during network mapping and port scanning, it’s essential to investigate each discovered system and service.
Typically, attackers leverage credentials from compromised user accounts within an environment. For instance, if they gain access to a user’s computer, they can reuse the existing credentials, opening up numerous opportunities to exploit various applications such as:
Once inside an application protected by access controls, attackers can often find numerous vulnerabilities and sensitive data. Credentials can also be extracted through various methods, especially when the attacker has administrator access. One tool used for this purpose is Mimikatz, which aims to dump credentials from the system.