A question I get asked all the time is "Can you help me hack into something?" And probably one of the easiest ways to
hack into anything is to just get the password and log in to it. So I thought I'd give you 64 ways to get someone's
password in under 10 minutes. Oh and as a disclaimer, don't do any of this
unless you have permission. Probably the most effective way of getting
someone's password is to just steal their computer. Or steal their phone. Or tablet. It's sometimes called the "evil maid" attack. Once you have physical access to their computer,
your chances of being able to get into their accounts are much higher. Sometimes there's no password on their device
and you can get in and who knows, maybe they're already logged into the account you want to
access or the credentials are cached. You could just ask them for their password. Jimmy Kimmel demonstrated how simple this
is. Maybe the place you want in has already been
breached before. You can find breach forums and buy the password
you want. If you can't find the database you're trying
to get into, a lot of people reuse passwords. So maybe get the contents of a different database,
see if their password is in that, then use it to try to get into the one you wanna get
into. You can try to brute force your way in. Tools like "Burp Suite" or "Hydra" can try
to log in to a website over and over with different passwords. Starting with aaa, then aab, then aac, and
going down the line until it finds a match. If you can somehow get the password hash,
like by grabbing the contents of C:\windows\system32\config\SAM where hashes are stored, you can then try to brute force the hash,
using tools like John the Ripper or hashcat. Sometimes it's easier to get into a higher
level account. Like if you get root access to a Linux computer,
you can reset the password for any user on that machine or see their private keys. Or if you get AD admin access, or help desk
access, you can then go in and reset any user's password in the AD database. Or if you can get in as the website admin,
you can reset any user's password that way. Or if you just get into the database directly,
you could reset someone's password using SQL commands. Or heck if you're in the database, you might
just be able to see the password itself there. It might be stored in plain text. And you might wonder, how the hell do I get
into a database in the first place? Well you just (1) need "network access" to
it, then (2) "find a vulnerability" on it or the password for it, and then (3) "exploit
it" or get into it. Many times I've seen people go on Shodan and
find open MongoDB databases. Just open, on the internet for anyone to read
find open mongodb databases. Just open, on the internet for anyone to read
the entire contents of. Or you could go to a website and try to do
an SQL injection. This is where the website and SQL server aren't
secure and allow too much user input from the website. And yeah entire databases have been dumped
through SQL injections. Another way to get into a database is to comb
through any code you can find on that site or app. A lot of times credentials are hard coded
in programs or within the app somewhere. So, look if there are any open AWS instances
that expose the codebase and then dive in. Or GitHub repos that have usernames and passwords
in them. Unfortunately a lot of private API keys are
discovered this way too, and an API key can be just as good. Or sometimes even an inspection of the app
itself, using the strings command, or looking at the plist file can show you a password
listed right there in plain text. Actually you might just be able to right click
view source and look through the code right on the website to find something. Like a vulnerability or password or API key. So an API key can get you data from a website
such as passwords or other user data. Getting a private key is sometimes all you
need. But you could also try exploiting an API directly. Sometimes you can trick these into sending
you more data than what you should be allowed to see. We've seen some major breaches that were supposedly
just data from insecure APIs. Oh yeah, and if you can get into the datacenter
and steal the database server and bring it home, you can probably get into it. Maybe it's as simple as pulling the hard drive
out and putting it in your own computer and then reading it that way. Ok so what else. Ah yeah. If you're on the same Windows computer as
the person whose password you want, you could try to run mimikatz which can extract other
users' passwords out of memory. If you're on the same local subnet as another
user, you could run a tool called Responder which will act like a shared drive on the
network. Other computers will see it and try to connect. But Responder will first ask them to authenticate. That's where you can grab their hash and then
you can use it to log in to things or try to crack it. Sometimes just passing the hash is good enough
to log in, and you don't need the actual password. Or maybe if you run Responder and get a password
it's not the user you wanted, but maybe it's a user with extra privileges on the network. Like an admin. Which would have the ability to take over
any account. And hey, maybe the domain admin password wasn't
what you needed, but if you have that, this can get you access to other accounts that
might help you get into what you want. Or maybe this password is reused in other
places. Or maybe it shows you a clue what their passwords
look like. If you want someone's wifi password, and you're
near their device, you can get something that's called a WiFi Pineapple which will act like
their wifi network and ask them for their wifi password, and their device might give
it! Speaking of wifi passwords, if you're in range
you can use tools like aircrack-ng to try to watch wifi traffic to find the password for
some networks. Let's talk about innys. An inny is someone on the inside. Imagine you know someone who works at Facebook,
who can reset people's passwords for you. Sometimes they'll charge a fee. That's one way to get it. Take a look at this. This is an inny who works at Taco Bell, showing
that for $30 they'll reset any Taco Bell user's account, and it's a picture of them at the
terminal showing they have access to do such things. There are lots of different kinds of innys. Just gotta know people. Nation state actors do something similar
in what's called a "seeding operation", where they recruit someone who's about to
go work for a company, and get them hired there, then use their inside access to carry
out tasks for a government entity. Like the CIA. They might provide a password or internal
data. Another thing I've heard nation state actors
do is set up surveillance systems on certain targets. And spy on them. Such as planting microphones and listening
to conversations or using long range photography to see what they are doing on the computer. Take a look through NSA's ANT catalog for
example. There's a technique where you can listen to
someone type their password in and the mic on your phone can record the sound of it and
maybe decode what buttons were pressed. Here's an article about how someone used thermal
cameras to watch what keys were warmer than others which allowed them to see what someone's
password was. Let's talk about tricking the user. Sometimes called phishing, social engineering,
or just scamming them. There are 100s of ways to trick the user to
give you their password. Like one method is to install a keylogger
on your computer, and then get them to use your computer to login to something. With a keylogger you can then go back and
see what keys they typed in for their password. You can try shoulder surfing, watching their
fingers hit the keys as they type their password. You should probably practice this before doing
it, as it takes a bit to learn. I mean some are easier than others, watch this
video and try to guess what Kanye's password is. You could set up a fake look-alike website
using a tool like the Social-Engineer Toolkit. And send the user a link to log in to their
account with a link to this fake site. And the thing is when they log in, it sends
you the password they typed in. You can try to call the person up, and try
to trick them into telling you their password. "Hello I'm calling from Microsoft customer
support. We see some suspicious activity on your account,
I can fix it but you have to first give me your password." This kind of trickery works incredibly well. You could also call up the place you want
to access, and act like you're them, and ask the company to reset your password. And now you have access to their account. Try looking on their desk, under their keyboard,
or in their wallet for the password written down somewhere. If not there, try looking through their files. Dropbox, Google Drive, local storage, network
storage. People sometimes think this is a safe place
to put their passwords. You can also try to get the victim to install
a keylogger on their machine. Maybe you trick them into installing something
they think is a "chat" program or a game you want to play with them. But really it's a keylogger which captures
all their keystrokes and then sends them to you. You can eventually see them type their password. Speaking of keyloggers. There are USB keyloggers too. If you can walk by someone's computer and
plug it in, it'll capture all keystrokes, and store them on the USB drive. Then you just need to walk by later and grab
it. There are also other tools such as Rubber
Ducky and O.MG Cable that look like ordinary cables and USB drives but when you plug it
in, it injects keystrokes into the computer. So you could plug it in, and it might do something
like grab a dump of the memory or hash table and then you can unplug it and try to look
through that data for the password. Or maybe you could just attack their device
over the network. Maybe it's insecure somehow. So you can identify the vulnerability, then
use an exploit to get yourself access to the device. Once you get on their device you can do things
like install your own keylogger, or sift through their files looking for the password. A lot of people use a password manager. This is a secure database with all their passwords
in one place, and it's protected by a single password. So if you can get their password manager's master
password then you have access to everything. Another thing that would give you tons of
data is their email. If you can't get into where you need to get,
but you can get into their email, then you can just reset their password which will send
them a reset link to their email and you can reset it to whatever you like. And this is so effective that what some people
do is go right for attacking the email when they really need to get into another account. And they'll call up Google or Microsoft, pretend
to be the person they want access to, and trick Google into resetting the Gmail password. Perhaps their password is something you can
guess. A lot of people use their dog's name or grandma's
name or something close to them. And you don't have to social engineer them,
you can sometimes just look at what they publish online and build a word list that way. They might talk a lot on social media about
their private life which can all be gathered for someone to try to guess it. To give you a clearer idea, when pen testers
are tasked with seeing if a company's users have weak passwords, they'll try to crack the hashes of all the
users in the whole company. But what they've learned helps at finding
weak passwords is to throw a whole bunch of culturally relevant words into the word list
that they'll be guessing from. Such as local school names, local sports teams,
local street names, city names, or things related to the company like the name of it,
or its mascot or address. It's sick how many employees use their own
company name in their password! Also take a look at the most common passwords
seen today. There's a high chance it's just one of those! People will often use the simplest password
they can. Sometimes websites have weak reset or password
policies. I've seen a website once reset the password
to a new 4 character password that the website chooses. If you can reset a user's password to be 4
characters, then it'll be pretty easy to brute force after that. You could call up their helpdesk, and pretend
to be the person you want to get access to, and ask for a password reset. You might be able to trick them into changing
it for you, to whatever you choose! Sometimes you don't need their password. You can just steal their session cookie which
will make it seem like you're already logged into the site without providing any password. Recently I had someone try to trick me into
sending them my Discord logs which contain my session data! They could use that to be me on Discord. And you know what, I talked with this person
and they told me about another trick they use which is to send people fake Dyno links, which look like you're authenticating to
a Discord Dyno, but in reality you just gave them access to your account, which works even
if you have 2FA turned on. Or I've seen people get into someone else's
account simply by telling the website they are a different user and since the website
saw they have already authenticated, they just let you switch users if you tell it you're
someone else. This relies on the website being poorly coded
for it to work. Private keys are another thing. If you can get a private key it's just as
good as a password in some situations. Private keys are typically too hard to memorize
and gotta be stored somewhere! Look around for them. When someone types their password in it's
usually shown as all stars. In some situations you can right click and
do inspect element to see what the password looks like in clear text. You can also try looking through cache data
to see if a password is saved somewhere on their device. A lot of times the password is left as default. So, always try default passwords first, such
as username admin, password admin, or whatever. If you're on the same network as them, you
might be able to act as a proxy and inspect all traffic they are sending and receiving. Or intercept their traffic with something
like a LAN tap. Somewhere in their traffic is their password,
or session cookie. It's just a matter of finding it. Instead of getting the password for what your
target is, it might be possible to attack a third party. Like maybe if you get in their Apple account
you can then get into their phone, then you can get into what you want. Or you could just extort them. Threaten them, do the wrench attack, until
they give you their password. Now I want to emphasize, don't go stealing
people's passwords and logging into their accounts accessing their data. You could get in a lot of trouble for doing
that. The point I'm trying to make here is that
there are a lot of ways someone can get into your accounts. And it should be clear at this point that your
password is a weak link when it comes to securing your stuff. I just mentioned 64 ways of getting into your
accounts, and I didn't even mention malware or viruses at all. It's important to take your own security seriously. So use long complex passwords, and use a different
one for every website you have an account on. I recommend using a password manager, use
2 factor authentication where available, and always be extremely careful where you are
logging in so that you don't accidentally hand your password to the wrong person or
site. Good luck. Stay safe.
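
An added example, not part of the video transcript: the defensive counterpart to the pen testers' culturally relevant word list and the "most common passwords" point is to screen a new password against those same words before accepting it. The organization ("Acme Widgets"), the word lists and all function names below are constructed for illustration.

```python
import re

# Constructed sample data. A real deployment would load a large
# common-password list and the organization's own context terms
# (company name, mascot, street, local teams and schools).
COMMON_PASSWORDS = {"123456", "password", "qwerty", "letmein", "admin"}
CONTEXT_WORDS = {"acme", "widgets", "springfield", "wildcats", "mainstreet"}

# Usual character substitutions, so "P@ssw0rd" is read as "password".
LEET = {"0": "o", "3": "e", "4": "a", "5": "s", "7": "t", "@": "a", "$": "s"}


def variants(password):
    """Letter-only forms of the password with leetspeak undone.

    '1' and '!' are ambiguous, so both the 'i' and 'l' readings are kept,
    along with a form where digits and symbols are simply dropped.
    """
    low = password.lower()
    forms = {re.sub(r"[^a-z]", "", low)}
    for one in "il":
        table = str.maketrans({**LEET, "1": one, "!": one})
        forms.add(re.sub(r"[^a-z]", "", low.translate(table)))
    return forms


def personal_words(username, full_name):
    """Words tied to the user: login name and name parts of 4+ letters."""
    parts = re.split(r"[^a-z]+", f"{username} {full_name}".lower())
    return {p for p in parts if len(p) >= 4}


def screen_password(password, username="", full_name="", min_length=12):
    """Return the reasons to reject a password; an empty list means accept."""
    reasons = []
    if len(password) < min_length:
        reasons.append("too short")
    forms = variants(password)
    # Exact match against the common list, before or after normalization.
    if (forms | {password.lower()}) & COMMON_PASSWORDS:
        reasons.append("common password")
    # Substring match: "Acme2024!" and "W1ldcats-Forever" are both caught.
    for word in sorted(CONTEXT_WORDS):
        if any(word in form for form in forms):
            reasons.append(f"contains context word '{word}'")
    for word in sorted(personal_words(username, full_name)):
        if any(word in form for form in forms):
            reasons.append(f"contains personal word '{word}'")
    return reasons


if __name__ == "__main__":
    for candidate in ("Acme2024!", "P@ssw0rd", "W1ldcats-Forever-99",
                      "correct-horse-battery-staple"):
        print(candidate, "->", screen_password(candidate) or "accepted")
```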