1
00:00:00,150 --> 00:00:00,520
OK.
2
00:00:00,550 --> 00:00:06,230
So I would like you to go out to github.com and then once you're there,
3
00:00:06,240 --> 00:00:09,120
go ahead and just do a forward slash hmaverickadams,
4
00:00:09,150 --> 00:00:21,500
H-M-A-V-E-R-I-C-K-A-D-A-M-S, and hit enter, and you can see me and my snazzy photo here.
5
00:00:21,690 --> 00:00:27,780
But what we're after is I want to show you a tool that I wrote called breach-parse, and we're gonna walk
6
00:00:27,870 --> 00:00:29,820
through what it does.
7
00:00:29,820 --> 00:00:36,960
Now go ahead and click on breach-parse and you're going to see a bash script here and a little bit of
8
00:00:36,960 --> 00:00:40,050
a description, so you do not need to download this.
9
00:00:40,050 --> 00:00:42,810
Let me preface with what we're doing here.
10
00:00:42,840 --> 00:00:49,170
This magnet link, you're going to need a torrent client, some sort of uTorrent or BitTorrent, and you'll
11
00:00:49,170 --> 00:00:50,050
need this.
12
00:00:50,160 --> 00:00:55,040
And it's also something along the lines of 44 gigabytes extracted.
13
00:00:55,140 --> 00:00:57,960
It's a huge file so you don't have to do this.
14
00:00:57,960 --> 00:01:00,130
You can just watch and follow along.
15
00:01:00,170 --> 00:01:03,440
You're more than welcome to install this on your machine.
16
00:01:03,450 --> 00:01:04,760
I'm going to show you what it looks like.
17
00:01:04,790 --> 00:01:12,260
So I'm going to go out to my applications and my files here, and then I have put this into my /opt folder.
18
00:01:12,260 --> 00:01:19,040
So if you come into /opt here, I've got breach-parse. If you come into this BreachCompilation folder,
19
00:01:19,040 --> 00:01:24,860
which is what we'll download, you're going to see that we have data here.
20
00:01:24,950 --> 00:01:25,310
OK.
21
00:01:25,310 --> 00:01:28,000
So this data has a bunch of different data.
22
00:01:28,010 --> 00:01:31,150
It's got emails starting with 0, 1, 2, 3, 4.
23
00:01:31,160 --> 00:01:41,190
All these different ones. What's living inside of this, if we can display it, is emails and passwords.
24
00:01:41,230 --> 00:01:46,510
Now you see these ones have weird symbols inside the emails, but there's a bunch of emails and passwords
25
00:01:46,510 --> 00:01:51,980
in here, like somebody@yahoo.com and their password is 123456.
26
00:01:52,000 --> 00:01:55,400
Well these passwords are coming from credential dumps.
27
00:01:55,420 --> 00:02:04,030
So we talked about it earlier, about thinking about the, you know, Equifax or the LinkedIn breach or Home
28
00:02:04,030 --> 00:02:08,710
Depot, all these big breaches that happen, credentials get dumped out.
29
00:02:08,830 --> 00:02:14,350
And guess what, they show up on the dark web and eventually they show up in these lists.
30
00:02:14,380 --> 00:02:21,740
So we utilize these lists, and we've got, if you click into this, just hundreds of files here, and again 44
31
00:02:21,850 --> 00:02:22,980
gigabytes.
32
00:02:22,990 --> 00:02:29,410
So all I did was I built a little tool that can search through this data and pull down names, so you
33
00:02:29,410 --> 00:02:32,490
can take a quick look at the tool and what it does.
34
00:02:32,530 --> 00:02:38,710
But basically what it does is you just put in the syntax, you search for something like @tesla.com
35
00:02:38,710 --> 00:02:46,030
and then you specify, you know, tesla.txt, and it's going to search through all of these files
36
00:02:46,030 --> 00:02:47,630
for @tesla.com.
37
00:02:47,860 --> 00:02:52,510
If you're more interested in the code behind it, you're more than welcome to read the code in here and
38
00:02:52,510 --> 00:02:58,510
see if some of the items that we've covered already with the bash scripting and the Python scripting
39
00:02:58,840 --> 00:03:00,540
kind of ring a bell.
40
00:03:00,580 --> 00:03:08,470
So what we're gonna do is I'm going to come ahead and go into the terminal and make it a little bigger.
41
00:03:09,230 --> 00:03:15,440
And then I'm just going to change into that folder, breach-parse, and I'm going to run breach-parse, so breach-parse
42
00:03:15,440 --> 00:03:16,600
here.
43
00:03:16,940 --> 00:03:25,730
And what we're gonna do is I'm just going to say @tesla.com and then tesla.txt, and that's
44
00:03:25,730 --> 00:03:26,540
going to run.
45
00:03:27,080 --> 00:03:30,230
So again you do not have to install this.
46
00:03:30,260 --> 00:03:32,180
This is only for visual purposes.
47
00:03:32,180 --> 00:03:33,680
I'm going to show you, in the next video,
48
00:03:33,680 --> 00:03:35,670
another way to do this.
49
00:03:35,720 --> 00:03:41,030
So this is going to run through. It's going to take a minute here, and it's going to grab everybody's
50
00:03:41,090 --> 00:03:46,400
username and password that says tesla.com and the username, and then it's going to have all the
51
00:03:46,400 --> 00:03:49,630
passwords, and we're gonna be able to decipher things from this.
52
00:03:49,640 --> 00:03:54,530
So I'm going to let this run and as soon as it's done I'll come back and we'll talk about the results.
53
00:03:55,340 --> 00:03:55,670
OK.
54
00:03:55,700 --> 00:03:57,580
The results are back.
55
00:03:57,590 --> 00:04:01,060
So this breaks it down into three files.
56
00:04:01,070 --> 00:04:05,800
There is a cat Tesla.
57
00:04:05,930 --> 00:04:08,340
There is a master, passwords, and users.
58
00:04:08,360 --> 00:04:14,510
So the master has the username and password, and then the users file has the users, passwords has the
59
00:04:14,510 --> 00:04:15,170
passwords.
60
00:04:15,530 --> 00:04:17,350
So I'm actually going to get it,
61
00:04:17,450 --> 00:04:21,220
the tesla-master.txt.
62
00:04:21,230 --> 00:04:26,990
And let's take a look at this. So from here we don't have a big list,
63
00:04:27,000 --> 00:04:29,740
surprisingly, for a company the size of Tesla.
64
00:04:30,060 --> 00:04:37,480
So what happens is people utilize their work credentials or their work e-mails and they log into websites
65
00:04:37,480 --> 00:04:40,830
that they probably shouldn't be using their work e-mails for.
66
00:04:40,830 --> 00:04:43,080
And we just use it to our advantage.
67
00:04:43,350 --> 00:04:48,770
So what we're after is, we're after not only these usernames, we're after these passwords as well.
68
00:04:48,810 --> 00:04:51,980
So we see these usernames and we see these passwords.
69
00:04:52,010 --> 00:04:55,320
And I like to look for repeat offenders.
70
00:04:55,320 --> 00:04:58,350
I like to look for the syntax as well.
71
00:04:58,350 --> 00:05:05,320
Remember we had first initial last name, but we see first name dot last name here. We see possibly, you
72
00:05:05,320 --> 00:05:07,090
know, just a single name.
73
00:05:07,200 --> 00:05:09,360
There are different types of things in here.
74
00:05:09,360 --> 00:05:13,140
So nick@tesla.com as well.
75
00:05:13,140 --> 00:05:19,890
So, you know, it's changed up. I think nowadays it is first initial last name, but maybe in the past they
76
00:05:19,890 --> 00:05:24,960
used first name dot last name, then moved to an easier format, or vice versa.
77
00:05:24,960 --> 00:05:29,670
They started with first initial last name, they got too big, then they had to do first name dot last name.
78
00:05:30,000 --> 00:05:34,390
But again what we're after here is potential repeat offenders.
79
00:05:34,440 --> 00:05:37,560
So look at the shark at tesla.com.
80
00:05:37,830 --> 00:05:43,350
It got popped twice, and the password is very, very, very similar.
81
00:05:43,710 --> 00:05:51,720
So if I were to attack tesla.com through a login interface, I might spray this username with this
82
00:05:51,720 --> 00:05:53,160
password and this password.
83
00:05:53,160 --> 00:05:56,670
That's what we call credential stuffing, because we already know the passwords.
84
00:05:56,670 --> 00:06:02,720
And then I might make some modification of capitalized letters and non-capitalized letters with that,
85
00:06:02,760 --> 00:06:06,960
because 907 and 814 appear to be consistent, you know.
86
00:06:06,990 --> 00:06:14,520
So I would alternate capitals and non-capitals here and lowercase, and just see maybe if something sticks.
87
00:06:14,520 --> 00:06:18,660
So this is something that's interesting. This user down here, 12345, 12345
88
00:06:18,660 --> 00:06:19,950
five star.
89
00:06:19,950 --> 00:06:23,870
Probably not going to get in with that on a company like Tesla, but you never know.
90
00:06:24,510 --> 00:06:28,620
But this is what we would do: we would take the usernames, we throw these passwords at it, and that's
91
00:06:28,620 --> 00:06:33,870
called credential stuffing, and then we would take these usernames and all the known usernames and
92
00:06:33,870 --> 00:06:38,710
we would spray passwords at them, like Fall2019, like we talked about last video.
93
00:06:38,910 --> 00:06:40,330
That's password spraying.
94
00:06:40,440 --> 00:06:47,940
So this is an important and very, very critical part of information gathering, is gathering these usernames
95
00:06:48,240 --> 00:06:52,660
and these credentials. Right off the bat you want to identify those with your targets.
96
00:06:52,680 --> 00:06:55,040
So this is kind of what it looks like.
97
00:06:55,050 --> 00:06:57,590
This is what I do during every assessment.
98
00:06:57,750 --> 00:07:02,490
And hopefully that makes sense and that works into it. In the next video,
99
00:07:02,490 --> 00:07:07,140
we're going to go ahead and just show another method and start thinking again about these credentials
100
00:07:07,140 --> 00:07:08,710
and how they can be utilized.
101
00:07:08,850 --> 00:07:13,140
And then we'll do some other information gathering as you move on and learn some techniques, and how
102
00:07:13,140 --> 00:07:15,020
we can get information on a client.
103
00:07:15,090 --> 00:07:16,710
So I'll see you over in the next video.