challenge 26 penetration testing: bringing passwords up to snuff - amaterasusecurity/nice-challenges GitHub Wiki
Author: Bailey Kasin **Framework Category:**Protect and Defend **Specialty Area:**Vulnerability Assessment and Management **Work Role:**Vulnerability Assessment Analyst **Task Description:**Conduct and/or support authorized penetration testing on enterprise network assets. (T0028) Scenario
We have reason to believe that some of our employees have weaker than should be acceptable passwords, so we want you to conduct authorized penetration testing against various company assets to determine which employees need to change their passwords.
Additional Information
More details and objectives about this challenge will be introduced during the challenge meeting, which will start once you begin deploying the challenge. You will be able to check your progress during this challenge using the check panel within the workspace once the challenge is deployed. The checks within the check panel report on the state of some or all of the required tasks within the challenge. Once you have completed the requested tasks, you will need to document the methodology you used with as much detail and professionalism as necessary. This should be done on the documentation tab within the workspace once the challenge is deployed. Below the main documentation section be sure to include a tagged list of applications you used to complete the challenge. Your username/password to access all virtual machines and services within the workspace will be the following... Username: playerone Password: password123 The username/password used to access the Firewall's web interface within the workspace will be the following... Username: admin Password: password123
-
This might be pretty bad, I was reading an article online today and it talked about how businesses are being hacked more frequently because of weak passwords. How sure are we that this won't happen to us?
-
I know for sure that my password is strong, but I don't know about anyone else's.
-
I'm in the same boat as Ashley. Perhaps @playerone could take this opportunity to get some penetration testing experience.
-
That's actually a great idea. Try performing a dictionary brute force attack on our Active Directory users. Perform a dictionary attack on all user logins except your own. Metasploit, Hydra, or Nmap probably have tools for something like this. Remember, you're a Domain Admin. So, if you get into an account, log in to Domain-Controller and set that user's account to require a password reset on next login.
-
I'll send out a notice saying that anyone who sees the reset screen needs to set their password to something more complex.
-
Good call, @rcortes.
-
@asteele, do you have a recommended wordlist that playerone should use for the dictionary attack?
-
Kali comes with a good password list. You should be able to find it in /usr/share/wordlists on Security-Desk. I think it's called rockyou, or something like that.
@playerone, that is the wordlist I want you to use. Be sure to only request password resets from accounts that you were able to brute force with that wordlist. There's no need to force users to change their passwords if they're already pretty secure.
Notes:
Admin password is password123. This should be more complex.
playerone password is password123. This should be more complex.
Ran nmap and found multiple open ports.
Went on the AD and exported the users to a txt file.
Switched over to the kali machine and opened terminal to run scp to copy txt file over.
Ran Hydra against the AD and gave me results of two AD users.
Opened up AD Users and Computers.
Opened up both Users properties and went to Account tab.
Unchecked "Password never expires" and checked "User must change password at next logon"
Right clicked on the User's and clicked on "Password reset" to force a password reset on the two users.