All language subtitles for 4. Gathering Breached Credentials with Breach-Parse

These are the user uploaded subtitles that are being translated:

1
00:00:00,150 --> 00:00:00,520
OK.

2
00:00:00,550 --> 00:00:06,230
So I would like you to go out to GitHub dot com and then once you're there.

3
00:00:06,240 --> 00:00:09,120
Go ahead and just do a forward slash H.

4
00:00:09,150 --> 00:00:21,500
Maverick Adams H M A V E R I C K Adams and hit enter and you can see me and my snazzy photo here.

5
00:00:21,690 --> 00:00:27,780
But what we're after is I want to show you a tool that I wrote called breach-parse and we're gonna walk

6
00:00:27,870 --> 00:00:29,820
through what it does.

7
00:00:29,820 --> 00:00:36,960
Now go ahead and click on breach-parse and you're going to see a bash script here and a little bit of

8
00:00:36,960 --> 00:00:40,050
a description so you do not need to download this.

9
00:00:40,050 --> 00:00:42,810
Let me preface with what we're doing here.

10
00:00:42,840 --> 00:00:49,170
This magnet link you're going to need one a torrent some sort of uTorrent or BitTorrent and you'll

11
00:00:49,170 --> 00:00:50,050
need to this.

12
00:00:50,160 --> 00:00:55,040
And it's also something along the lines of forty four gigabytes extracted.

13
00:00:55,140 --> 00:00:57,960
It's a huge file so you don't have to do this.

14
00:00:57,960 --> 00:01:00,130
You can just watch and follow along.

15
00:01:00,170 --> 00:01:03,440
You're more than welcome to install this on your machine.

16
00:01:03,450 --> 00:01:04,760
I'm going to show you what it looks like.

17
00:01:04,790 --> 00:01:12,260
So I'm going to go out to my applications and my files here and then I have put this into my opt folder.

18
00:01:12,260 --> 00:01:19,040
So if you come into opt here and I've got breach-parse if you come into this breach compilation folder

19
00:01:19,040 --> 00:01:24,860
which is what we'll download you're going to see that we have data here.

20
00:01:24,950 --> 00:01:25,310
OK.

21
00:01:25,310 --> 00:01:28,000
So this data has a bunch of different data.

22
00:01:28,010 --> 00:01:31,150
It's got emails starting with 0 1 2 3 4.

23
00:01:31,160 --> 00:01:41,190
All these different ones what's living inside of this is if we can display it is emails and passwords.

24
00:01:41,230 --> 00:01:46,510
Now you see these ones have weird symbols inside the emails but there's a bunch of emails and passwords

25
00:01:46,510 --> 00:01:51,980
in here like somebody at yahoo dot com and their password is 1 2 3 4 5 6.

26
00:01:52,000 --> 00:01:55,400
Well these passwords are coming from credential dumps.

27
00:01:55,420 --> 00:02:04,030
So we talked about it earlier about thinking about the you know Equifax or the LinkedIn breach or Home

28
00:02:04,030 --> 00:02:08,710
Depot all these big breaches that happen credentials get dumped out.

29
00:02:08,830 --> 00:02:14,350
And guess what they show up on the dark web and eventually they show up in these lists.

30
00:02:14,380 --> 00:02:21,740
So we utilize these lists and we've got you click into this just hundreds of files here and again 44

31
00:02:21,850 --> 00:02:22,980
gigabytes.

32
00:02:22,990 --> 00:02:29,410
So all I did was I built a little tool that can search through this data and pull down names so you

33
00:02:29,410 --> 00:02:32,490
can take a quick look at the tool and what it does.

34
00:02:32,530 --> 00:02:38,710
But basically what it does is you just put in the syntax you search for something like at Tesla dot

35
00:02:38,710 --> 00:02:46,030
com and then you specify you know Tesla dot text and it's going to search through all of these files

36
00:02:46,030 --> 00:02:47,630
for at Tesla dot com.

37
00:02:47,860 --> 00:02:52,510
If you're more interested in the code behind it you're more than welcome to read the code in here and

38
00:02:52,510 --> 00:02:58,510
see if some of the items that we've covered already with the batch scripting and the Python scripting

39
00:02:58,840 --> 00:03:00,540
kind of ring a bell.

40
00:03:00,580 --> 00:03:08,470
So what we're gonna do is I'm going to come ahead and go into the terminal and make it a little bigger.

41
00:03:09,230 --> 00:03:15,440
And then I'm just going to change into that folder breach-parse and I'm going to run breach-parse so breach-

42
00:03:15,440 --> 00:03:16,600
parse here.

43
00:03:16,940 --> 00:03:25,730
And what we're gonna do is I'm just going to say at Tesla dot com and then Tesla dot text and that's

44
00:03:25,730 --> 00:03:26,540
going to run.

45
00:03:27,080 --> 00:03:30,230
So again you do not have to install this.

46
00:03:30,260 --> 00:03:32,180
This is only for visual purposes.

47
00:03:32,180 --> 00:03:33,680
I'm going to show you in the next video.

48
00:03:33,680 --> 00:03:35,670
Another way to do this.

49
00:03:35,720 --> 00:03:41,030
So this is going to run through it's going to take a minute here and it's going to grab everybody's

50
00:03:41,090 --> 00:03:46,400
username and password that says Tesla dot com and the user name and then it's going to have all the

51
00:03:46,400 --> 00:03:49,630
passwords and we're gonna be able to decipher things from this.

52
00:03:49,640 --> 00:03:54,530
So I'm going to let this run and as soon as it's done I'll come back and we'll talk about the results.

53
00:03:55,340 --> 00:03:55,670
OK.

54
00:03:55,700 --> 00:03:57,580
The results are back.

55
00:03:57,590 --> 00:04:01,060
So this breaks it down into three files.

56
00:04:01,070 --> 00:04:05,800
There is a cat Tesla.

57
00:04:05,930 --> 00:04:08,340
There is a master passwords and user.

58
00:04:08,360 --> 00:04:14,510
So the master has the username and password and then the users file has the user's passwords has the

59
00:04:14,510 --> 00:04:15,170
passwords.

60
00:04:15,530 --> 00:04:17,350
So I'm actually get it.

61
00:04:17,450 --> 00:04:21,220
The Tesla master dot text.

62
00:04:21,230 --> 00:04:26,990
And let's take a look at this so from here we don't have a big list.

63
00:04:27,000 --> 00:04:29,740
Surprisingly for a company the size of Tesla.

64
00:04:30,060 --> 00:04:37,480
So what happens is people utilize their work credentials or their work e-mails and they log into Web

65
00:04:37,480 --> 00:04:40,830
sites and probably shouldn't be using their work e-mails for.

66
00:04:40,830 --> 00:04:43,080
And we just use it to our advantage.

67
00:04:43,350 --> 00:04:48,770
So we're after is we're after not only these user names we're after these passwords as well.

68
00:04:48,810 --> 00:04:51,980
So we see these user names and we see these passwords.

69
00:04:52,010 --> 00:04:55,320
And I like to look for repeat offenders.

70
00:04:55,320 --> 00:04:58,350
I like to look for the syntax as well.

71
00:04:58,350 --> 00:05:05,320
Remember we had first initial last name but we see first name dot Last Name Here we see possibly you

72
00:05:05,320 --> 00:05:07,090
know just a single name.

73
00:05:07,200 --> 00:05:09,360
There are different types of things in here.

74
00:05:09,360 --> 00:05:13,140
So Nick at Tesla dot com as well.

75
00:05:13,140 --> 00:05:19,890
So you know it's changed up I think nowadays it is first initial last name but maybe in the past they

76
00:05:19,890 --> 00:05:24,960
use first name dot last name then moved to an easier format or vice versa.

77
00:05:24,960 --> 00:05:29,670
They started the first initial last name they got too big then they had to do first name dot last name.

78
00:05:30,000 --> 00:05:34,390
But again what we're after here is potential repeat offenders.

79
00:05:34,440 --> 00:05:37,560
So look at the shark at Tesla dot com.

80
00:05:37,830 --> 00:05:43,350
It got popped twice and the password is very very very similar.

81
00:05:43,710 --> 00:05:51,720
So if I were to attack Tesla dot com through a logging interface I might spray this username with this

82
00:05:51,720 --> 00:05:53,160
password in this password.

83
00:05:53,160 --> 00:05:56,670
That's what we call a credential stuffing because we already know the passwords.

84
00:05:56,670 --> 00:06:02,720
And then I might make some modification of capitalized letters and non capitalized letters with DADT

85
00:06:02,760 --> 00:06:06,960
because 9 0 7 and 8 1 4 appear to be consistent you know.

86
00:06:06,990 --> 00:06:14,520
So I would alternate capitals in non capitals here in lowercase and just see maybe if something sticks.

87
00:06:14,520 --> 00:06:18,660
So this is something that's interesting this user down here one two three four five One two three four

88
00:06:18,660 --> 00:06:19,950
five star.

89
00:06:19,950 --> 00:06:23,870
Probably not going to get in with that on a company like Tesla but you never know.

90
00:06:24,510 --> 00:06:28,620
But this is what we would do we would take the user names we throw these passwords at it and that's

91
00:06:28,620 --> 00:06:33,870
called credential stuffing and then we would take these user names and all the known user names and

92
00:06:33,870 --> 00:06:38,710
we would spray passwords at them like fall 20 19 like we talked about last video.

93
00:06:38,910 --> 00:06:40,330
That's password spraying.

94
00:06:40,440 --> 00:06:47,940
So this is a important and very very critical part of information gathering is gathering these usernames

95
00:06:48,240 --> 00:06:52,660
and these credentials right off the bat you want to identify those with your targets.

96
00:06:52,680 --> 00:06:55,040
So this is kind of what it looks like.

97
00:06:55,050 --> 00:06:57,590
This is what I do during every assessment.

98
00:06:57,750 --> 00:07:02,490
And hopefully that makes sense and that works into it in the next video.

99
00:07:02,490 --> 00:07:07,140
We're going to go ahead and just show another method and start thinking again about these credentials

100
00:07:07,140 --> 00:07:08,710
and how they can be utilized.

101
00:07:08,850 --> 00:07:13,140
And then we'll do some other information gathering as you move on and learn some techniques and how

102
00:07:13,140 --> 00:07:15,020
we can get information on a client.

103
00:07:15,090 --> 00:07:16,710
So I'll see you over in the next video.
