
Just one of the things you want to do it, it's just email name. I don't work there anymore. Valley uses this. Great. So now you would write a script for this enumeration tool that takes, I don't know, the top 100 most common last names in the country they work in. No sense sending a whole bunch of Mediterranean names if these guys are in Yugoslavia, no? So you kind of find where they're operating is. Now, that's a little weird again. Thank goodness Canada is actually a health field; we have lots of surnames from every nationality, and they will be in here because it's first dot last, so you're going to see all kinds of variations. But if you look for most common surnames in a given country, you'll find a lot, because odds are good, even if you're originally from another country, or your parents were, and that's your surname, you're operating out of Canada, you know what, you show up in the list. And so there's a lot of names you wouldn't expect in the top 100 in Canada, for example, that it's like, oh yeah, I know eight people. Was absolutely. So throw them in, and now just a b, so I got eight thousand.

Yeah, there's a script for that. Going to Kali, find one of the numerous email enumerators. The only catch is you've got to find a mail server that cooperates, and often what happens is that these people will forget about one. So let's just do this for a second. So I know this guy; he probably won't care if you're trying to hack his stuff. He might just use you in the left. All right, so this guy here, this is nothing. You see there's a mail one, and it could be a mail three. I'm not even sure either of those are. I know at least one of them's alive, because they still get spam on it, but there's a good possibility one of them is dead, and I wouldn't care, because nothing could be another stand anymore. How many of us know about companies, or work at a company, where we're not exactly sure where all our stuff is that's on the internet? Yeah, well, those, the DNS people though, honestly. So you
go poke at all those and go, oh, there's this mail server they forgot about. Because still, while we agreed to shut that one off, yeah, I suggest you do that, because it's still telling me who all your users are. So that's what that is: finding the little chinks in the armor. It's not going to be like Mr. Robot, where you click on something and there you go. Maybe once you're inside the organization and you see there's a vulnerability and there's a script you've got, for sure. And what a rush, the first time that you actually run something and suddenly it's like, I want this other machine and I'm not supposed to be. This is like, awesome. If that excites you, there's a guy down there named Steve Porter who runs a great operation, to go see him. I appreciate that, your check's in the mail. I get a chance, oh yeah, of the, uh.

So that's one. One approach is looking, looking pretty, people look for weak infrastructure that's left over. But be mindful of the countermeasures that they might have in place, and be prepared to pivot, right? By that I mean, I mean if, how many people are familiar with the MITRE ATT&CK matrix? So that's weird, interesting, what the heck is that? No, it's fantastic, I'm really a fan. And there's this piece here, uh, called resource development. That's he, the hacker. Okay, these are the things that you're doing, setting this stuff up, and that can be costly and time consuming. Nowadays with cloud it's a lot cheaper, but you can still be a problem. If you'll notice, even that Enterprise, what's the very first thing you're doing? Is recon, right? So if you're thinking about, I want to learn more about this, this is a thing. If you're thinking about it more from the defensive side, go here, look at these things and go, what do we have for this? So active scanning: what do we have to detect against active scan? Well, you've got firewall logs. Okay, has anybody looked at the firewall logs to see what's coming through? Yeah. Do you have a lot of people scan here? That's how you know your firewalls
work. That's good. It's against the law, it's wrong, and even in the CTF we're going to get you to do some scanning, and it's like, I doubt anybody would notice if you're using certain types of tools. So the number one tool you want to use is and then that many non-n-fms. I'm not talking about two parties, I'm talking about overall. Yes, it's the best one there is, because there's so many other things that you can do it. But once you've figured out what you're after, now you're going to go and try and break.

So let's pretend there's nothing out there. How would we do that? We're going to figure out some users, we're going to phish that. What if they're all recent graduates of the good quality phish training and security awareness? They go, yeah, I don't think so. They don't fall for it. What's the next thing you're going to have to do? Media, virtually. Okay, I know what they make. Okay, so you can find out what they like, yeah, what they participated in, who their dog is and all the rest. And then what would you do with that information? Right, but rather than a random dictionary, strange name, really cool feature. So here's some word lists that you've got. All right, here's some, here's some examples of a list of, here's how you run it, a bunch of degrees in Shell codes and stuff. If you give it this list, it'll try that login against that data type to crack stuff. But you don't have anything to crack yet, except maybe a login to a webmail page or something like that, right? So you can also use this as a generator. If I give you a name like, this would be a good example, how about "Go Flames Go"? That wouldn't work. Tell me one two three, Calgary one two three. Okay, but we've got a password complexity program in place. What's the default password complexity? Uh, religious to me, remember application mortgage number, eight characters, upper and lower. So it's eight characters, Rich case and a number or something. Somebody can challenge me on that. It's like, yeah, okay, sure. Guess what, they're all like that. Okay, that'll get you there
unless somebody's gone through, because nothing like a 15 character password on a one Tuesday after a long weekend into something to light up your help desk. 15 characters, no repeats for the last 400 tries, and yeah, and a mandatory 30 days. Yeah, mandatory third day, but yeah, none of this you can change after three days. The best passwords are rememberable to you but not to other people. And so as a result, if you are truly a Calgary Flames fan, "Go Flames Go" has a very good chance of being in there, especially around but in March 30 April, followed by "you pissed me off again" right around, yeah, right. Every, every year we're hopeful, every year except one.

Okay, so you're going to use that, but use those key words. And what you can do is you can go to the company website, because there's also things like names of projects and names of CEOs. They said that they have a password where a certain manager isn't desirable for whatever reason. All of those kinds of things can go in there, but you can use that as your dictionary, and then you can set these rules right there. See, I think they had Charles Reed. So give the password of generation, and you see right here, maybe just try and blow this up. So I just kind of, there's a plus there, and there is that physical right there. Okay, so "password" isn't going to work. Okay, there's nobody, nobody's gonna, no Windows domain, even like next, next Windows guy making it, that's not gonna work. That's not going to be in there, so there's no sense even trying that. And why wouldn't you want to try that? Because it's going to generate a failed login. And if this list, like the RockYou list, is what, 400 000, like something gigantic? I think it's like 14 million though. Yeah, and a lot of them were pretty weak passwords, and these are real passwords that were found out there. So it's scary to think that your own company, where you're in the mail room, you need eight characters mixed Facebook, like your bank account, you could use one two three four five. But Darwin has a way of
taking care of those people too. Okay, you wouldn't be homeless if you had better passwords. I don't know if that's a real thing or not, but, uh, I do think that there are problems with people can't maintain incredibly complex passwords. So I don't complain to anybody about using "I love you" as your password. What I say is, mix it up. Instead of the I, what about the shift, exclamation mark? It still looks like an I. And instead of an O or E, right on view, zero and three. Now I've got numbers. One, mix up one of them if you want to. This really messes up the password crackers, by the way. For those of you, if you're going to do the, the adding the number and all the rest, don't add it at the end of the start, add it in the middle, because all of these tools work by adding this stuff on the end. So how many passwords out there are passcode one, followed by, you must reset every 30 years, what's their next password? Three. Okay, I only need 12 guesses. Or this company, they let everybody on, it's welcome, welcome spring, or like, you know, a generic one, and everybody comes in and they go, that's great, I'll just use that and add a one to it. So we'll see those kinds of things.

So get that common list and then run it through one of these password generators and try that against your list. Your odds don't get that much better, but your odds of getting caught go way down, and especially if you slow it down. If you're only checking ten thousand passwords instead of 14 million, do the math. I go one every 10 seconds, maybe an hour, a couple days, I don't know, somewhere in there. 14 million, one every 10 seconds to stay nice and slow, I'll see you when the Flames are in the playoffs, just before they.

So where is this all leading to? So those are a couple of gigantic freaking hints that how you might play this game. All right, so there's some recap, there's some ways to test yourselves. Yes, there's prizes. There's going to be a lot more questions, cool questions, from the guys from CrowdStrike, or put them on the same board
hopefully as soon as they should see him here. Actually, has George actually been working, or is it just? So yeah, here you go, you would log into this, get on the board. Why would we want that? So you can see, I participated in the CTF. The very first time, if you've never done this, you could do this with a web browser. You logged in, you could do it on an iPad, that would be very difficulty requirements. And it asks you a question, okay, and to read the question, and there's hints sometimes if the question's harder, and you gotta go sign up to it. But they get harder, degrees of difficulty, and I think it was you that said go for the stuff he knows, right? Like, there may be things on network targeting that we don't again, but you're really good at social engineering and retargeting. Sometimes teaming up with somebody, so that's why fantastic things do all that kind of stuff.

So anyway, we plugged it in there. It's besides YYC cpf IO. Uh, the password to register is challenges, because there's going to be three kinds of challenges there. Okay, one for radio frequency stuff, which I'll be racing back to here in a very short order. Um, there's, uh, there's that a CrowdStrike team have put together a bunch of stuff, and George and I were to prepare our notes. He came up to me this morning, was so excited: I figured out how to do data exfil. Only people like us, what is that? So here's the place where they actually think that's cool. We get to go try and see if we can find it in the CrowdStrike interface. So if you've never used it, that's great. If you have to and you've got a leg up, but. And then when you get on the board, you're going to answer questions, and when you answer your question you may get more questions that open up, because now that you know that, go look for these. And in order to do that you can go, I think we actually have a friendly URL, but you would log in, um, you said he sent me the email, but you log in here with one of those user accounts, and we can get them. Just come down and talk to us and we'll hand
it up. This really said was like hacking, and these are one user to do something like that. And then you can use this web browser. If you have a Kali machine of your own, or your own, I think we've actually got a Wi-Fi system already down there that you can come in and use. Um, we could probably break up some hard wires, I've got a big box cables. And the password for the Wi-Fi is the hit song It's a friend all the things, that's all one word. So if you haven't seen half all the things, the official video, I was there the night after the whole dancing, it's like they did that take place there. You go. Um, that's it. Uh, we're downstairs in the North Carolina to discuss the question. Um, happy to answer questions. I have two ex-wives and four children; social engineers will not work on me. I'm happy, I'm a rising time and it's all boats, so if I can make you a better attacker, expect to go home. Hopefully you got something out of this.