For this case study we extracted the plaintext passwords actually in use from more than 1,500,000 cracked Active Directory hashes obtained during LIFARS' previous penetration tests.
When we perform black-box penetration tests or Red Team engagements against internal or external systems, we frequently obtain password hashes. We then crack these hashes to check whether the password policy is weak. Cracking is a very old method of obtaining a plaintext password and reusing it against other systems and infrastructure devices.
For external pentests, the most common hash sources are SQL injection (SQLi), path traversal, and IKE aggressive mode handshakes.
For internal pentests, hashes mostly come from man-in-the-middle (MitM) attacks on AD, database, and web service authentication, from IPMI, and from Kerberoasting.
How ordinary users choose passwords depends on the type of system and on its password policy.
On web-based interfaces, where the password policy is less restrictive, users choose simpler passwords, and ordinary wordlists are far more effective against them.
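The kind of analysis the case study is built on, as an added example that is not LIFARS' own tooling: a small Python script that parses cracked plaintexts out of a hashcat potfile (one `hash:plaintext` line per cracked hash, with hashcat's `$HEX[...]` encoding for plaintexts that contain colons or non-printable bytes), checks each password against an assumed Windows-style policy (at least 8 characters and 3 of 4 character classes), and reports the lengths, the most common base words after stripping trailing digits and symbols and undoing simple leet substitutions, and the most common hashcat-style masks. The potfile content below is constructed for the example; the hash fields are placeholder hex, not hashes of real accounts.

```python
import re
import string
from collections import Counter

# Constructed sample in hashcat potfile format (hash:plaintext).
# Hash fields are placeholder hex, not hashes of real accounts.
# The $HEX[...] line decodes to "password:1", a plaintext containing a colon.
SAMPLE_POTFILE = """\
0123456789abcdef0123456789abcdef:Summer2019!
fedcba9876543210fedcba9876543210:Welcome1
00112233445566778899aabbccddeeff:password
ffeeddccbbaa99887766554433221100:Company2020
11111111111111111111111111111111:P@ssw0rd
22222222222222222222222222222222:summer2019
33333333333333333333333333333333:$HEX[70617373776f72643a31]
44444444444444444444444444442211:Winter2019!
"""

# Minimal leet-speak reversal used to group variants of one base word.
LEET = str.maketrans("@$013457", "asoieast")


def parse_potfile(text):
    """Return the plaintexts from potfile lines. Assumes a single hash field
    (e.g. NTLM), so the line is split at the first colon and the plaintext
    may itself contain colons. $HEX[...] entries are decoded."""
    plains = []
    for line in text.splitlines():
        if not line or ":" not in line:
            continue
        _, plain = line.split(":", 1)
        m = re.fullmatch(r"\$HEX\[([0-9a-fA-F]*)\]", plain)
        if m:
            plain = bytes.fromhex(m.group(1)).decode("utf-8", errors="replace")
        plains.append(plain)
    return plains


def meets_policy(pw, min_len=8, min_classes=3):
    """Assumed Windows-style complexity: min_len characters and at least
    min_classes of {lower, upper, digit, other}."""
    classes = sum([
        any(c.islower() for c in pw),
        any(c.isupper() for c in pw),
        any(c.isdigit() for c in pw),
        any(not c.isalnum() for c in pw),
    ])
    return len(pw) >= min_len and classes >= min_classes


def base_word(pw):
    """Strip leading/trailing digits, punctuation and spaces, lowercase,
    and undo simple leet substitutions: 'P@ssw0rd' -> 'password'."""
    core = pw.strip(string.digits + string.punctuation + " ")
    return core.lower().translate(LEET)


def mask(pw):
    """hashcat-style mask; everything outside lower/upper/digit is
    approximated as ?s (hashcat itself is stricter about that class)."""
    out = []
    for ch in pw:
        if ch.islower():
            out.append("?l")
        elif ch.isupper():
            out.append("?u")
        elif ch.isdigit():
            out.append("?d")
        else:
            out.append("?s")
    return "".join(out)


def summarize(plains, top=5):
    """Aggregate statistics a pentest report would draw on."""
    words = Counter(w for w in map(base_word, plains) if w)
    return {
        "total": len(plains),
        "policy_compliant": sum(meets_policy(p) for p in plains),
        "lengths": dict(sorted(Counter(len(p) for p in plains).items())),
        "top_base_words": words.most_common(top),
        "top_masks": Counter(map(mask, plains)).most_common(top),
    }


if __name__ == "__main__":
    for key, value in summarize(parse_potfile(SAMPLE_POTFILE)).items():
        print(f"{key}: {value}")
```

On the sample, six of the eight passwords satisfy the assumed complexity policy, yet three of them reduce to the base word "password" and two more to "summer" followed by a year and a symbol, which is exactly the pattern a targeted wordlist plus rules recovers quickly. Point the script at a real potfile (`hashcat.potfile` by default) to get the same breakdown for an engagement; for hash modes whose potfile entries contain colons inside the hash field, adjust the split accordingly.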
In the case of a multinational corporation or a worldwide web service, the native language and cultural habits of the user or of the corporation’s branch office are important factors…
Download the case study to learn more about password cracking.