Hacking Windows Accounts with PowerShell

If I asked you for your password, no doubt you’d tell me to get lost. If I asked for your username you would be suspicious. If I asked you for your email address, you’d likely give it up.

Of course, your email address and your username are quite likely one and the same. What good is your username if I don’t have your password? Well, there’s not much that can be done with a single username in terms of hacking. In large numbers, however, usernames can be quite useful.

How can I get my hands on a large number of usernames? There are many techniques, some for web applications, others for internal attacks. In this episode we depart from our usual audit focus to weaponize an information disclosure that is a part of virtually every Microsoft Windows domain that you’ll encounter.

Using a few easy tools, we’ll extract the usernames and then use an easy technique to capture valid username/password credentials, compromising accounts!

Visit http://auditcasts.com to download the original video or subscribe to our RSS feed.

For a longer discussion of what’s happening in this presentation, see: http://it-audit.sans.org/blog/2011/09/21/usernames-matter-more-than-passwords
