HUGE THANKS to Snyk for sponsoring this video & supporting the channel! Check out Snyk to help bake security into your development process, find and fix vulnerabilities before the bad actors do! snyk.co/johnhammond
@Not Convinced Of course! You need to know the adversary you are up against ;)
🇧🇷✨ here in Brazil we follow your channel.
@_JohnHammond Brazilians can buy the courses ???
Hey John! I'm 22 and I've been learning coding, languages, hacking and all that sweet stuff since I was a kid.
The way you explain things in your videos really helped me understand a lot more in a short period of time instead of just opening a terminal doing the ole trial and error OR watching videos where they don't explain anything at all, type in a lot of code at once and say "voila it's done now you've learned".
What I'm trying to say is thank you so much for helping me and other people learn all this cool stuff while having fun and experimenting, you're literally the best teacher one could have...
Note: Apologies if I made any grammar mistakes, I'm Turkish
Hey John, would you consider setting up some blue team tools and then after the series is over showing us how we could track ourselves through the network and stuff like that?
Yes ;)
Awesome can't wait
Hey, I want in!
Where's my Notepad?
That's an amazing idea! Exactly what I want to learn! John please, kind sir! 😄
My favorite pentest tool! Would recommend adding a plug to account lockouts. Locking out a domain is never a good Monday
Absolutely! Enumerate the password policy of the network, or check with your contact for your IPT to make sure you don't lock out every user on the domain by password spraying.
Interesting, this keeps me wondering on how to detect its usage on my network.
That was awesome and frightening at the same time. So much info from just a normal user account 😱
Man I had so much fun on this one, the setting up of the AD and such was fiddly but this made it worth it!
Absolutely top notch video and video series John. Thanks so much for making these, you've really taught me so much over the years :)
Loving this series so far and looking forward to the next video!
John makes Hacking noob friendly.
Not sure if this was pointed out, but if you iterate through each line in users.txt, you can run crackmapexec on each iteration without the continue on success flag and pipe that output through grep.
eg while read user; do cme stuff -u $user -p passwords.txt | grep '[+]'; done < users.txt
Great video as always John ! Thank you !!!
John, keep up the great work! These videos are a godsend.
This was fantastic. Please keep up the amazing work!
It's super awesome but hope that this series is not gonna stop just like other ones 😅
thanks john! great content as always...
Hey all. I'm here from sri lanka
Love from India ❣️
At minute 18:00 you did not get information from the ports and SMB in ws01 machine because possibly the windows 11 firewall was blocking you
Love it
That wasn't a long video. But a great video.
Amazing as always
one of the best and maybe you are the best
You are awesome
Could you please do a video step by step showing us how to set up Linux on a Windows computer so it is easy to use and follow, as in 100% anonymous, for us to use to start learning Linux, i.e. changing or IP address if possible. Love these videos, please don't stop making them
hello from the netherlands
cool great series to learn how to come from Zero to Hero ... please never end ;-)
You are the real one 💪
Sheeesh this is interesting
I can't like anymore because it's perfectly balanced at 666! Very Nice !
thx work
You love to see it
21:16 9 lines from the bottom 😉
How does this prevent the "lockout after 3 attempts" policy?
Also would like to know this.
Hello from India
Great stuff as always but did I miss the part where you find the DC IP address as someone who didn't set up the lab?
You could find the DC by using nmap and looking at the open ports
🖇 John the Ripper!
Thankyou
@john could you share what's the hardware on which you're spawning all the VMs?
The behemoth that you mentioned a couple of videos back.
As MCSA expired, which certificate would you recommend that has the same content as MCSA?
My appetite has been wetted, thanks!
I will replay this attack in my lab env, but with "Defender for Identity" active. See how it is detected.
whetted ;p
I find that the cyber security app is working better than the try to hack site it is like Ben made it of me and I am the real Sandra Mulligan of Australia
Can you show us your terminator config?
He has a video talking about his config in terminator
so you can see the malware lookout security app is
Appreciate the content, but what kind of a n00b configures a domain with no lockout policy for x password fails in y minutes? It's interesting to see the tool, but in reality you could do all the exact same things with a few lines of powershell, even from a *nix machine.
I didn't understand why there was no limit on login attempts. Wouldn't that be a problem in real cases?
I downloaded the latest Win2022 server iso today and installed it and I was wondering the same thing.
It seems that by default, group policy sets the account lockout mechanism to "Not configured". If you want to rate limit the sysadmin will need to change the group policy.
Master, what is your eye icon on the top of your phone, on your other episode video? I'm watching your content when I'm stressed. Your video is stress relief sometimes for me. I hope you can do an episode on what the best application is that we can use to protect against hackers or viruses. I'm using VPN and antivirus, what do you think? Thank you in advance, I hope you can help us to protect our personal life. Thank you so much. :)
I'm curious if once it establishes what the password policy is, if it only tries words in the password list that fit the password policy. Or if it still checks every password whether or not it complies.
I would love to understand and follow you but I couldn't. It went too fast for me unfortunately
Why don't you use WSL? You can launch instances of Kali from the Windows start menu
Is this actually trying the user name and password combos? If so, wouldn't this lock out the account? Also, do the AD controllers log these attempts?
Yes. Yes - but if you were spraying, you'd usually configure it to stay under the lockout threshold limit for an account.
Event 4625.
However, if you just straight up monitor this on any reasonably sized network, you'll be absolutely smashed with people derping their creds legitimately.
Try instead monitoring for attempts for x different accounts from a single host. It might be normal to see 4624 events (services use user accounts) and maybe the odd misconfiguration resulting in 1 or 2 4625's regularly across the IT estate, but it's unlikely to be normal to see say 4 different 4625's from a single host.
That way you'll identify an actual spray, eliminating the noise and someone using cme on your network should in theory light up like a Christmas tree.
*this obviously is only one method of spraying. Kerbrute, etc may result in different event IDs (e.g. 4771)
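The detection idea in the reply above (failed logons against several different accounts from one source host), as an added example that is not part of the original comments. The flat record format, the sample events, the 10-minute window and the function names are constructed assumptions; the threshold of 4 accounts and event IDs 4625/4771 come from the comment.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample (not real logs); assumed export format: time, event ID, source, account.
SAMPLE_EVENTS = """\
2024-01-08T09:00:05 4625 10.0.0.21 alice
2024-01-08T09:01:40 4625 10.0.0.21 alice
2024-01-08T09:02:00 4624 10.0.0.21 alice
2024-01-08T09:15:01 4625 10.0.0.99 alice
2024-01-08T09:15:02 4625 10.0.0.99 bob
2024-01-08T09:15:03 4625 10.0.0.99 carol
2024-01-08T09:15:04 4771 10.0.0.99 dave
2024-01-08T11:00:00 4625 10.0.0.40 bob
2024-01-08T13:00:00 4625 10.0.0.40 carol
"""
FAILURE_IDS = frozenset({"4625", "4771"})  # failed logon; Kerberos pre-auth failure

def parse(text):
    """Yield (time, event_id, source, account) from the assumed flat format."""
    for line in text.splitlines():
        if line.strip():
            ts, event_id, source, account = line.split()
            yield datetime.fromisoformat(ts), event_id, source, account.lower()

def detect_spray(events, min_accounts=4, window=timedelta(minutes=10),
                 failure_ids=FAILURE_IDS):
    """Map each source host to the accounts it failed against, if it hit at
    least min_accounts distinct accounts inside one sliding time window."""
    failures = defaultdict(list)
    for ts, event_id, source, account in events:
        if event_id in failure_ids:  # successes (4624) are ignored here
            failures[source].append((ts, account))
    alerts = defaultdict(set)
    for source, rows in failures.items():
        rows.sort()
        start = 0
        for end, (ts, _) in enumerate(rows):
            while ts - rows[start][0] > window:  # drop failures older than the window
                start += 1
            accounts = {acct for _, acct in rows[start:end + 1]}
            if len(accounts) >= min_accounts:
                alerts[source] |= accounts
    return {source: sorted(accts) for source, accts in alerts.items()}

if __name__ == "__main__":
    for source, accounts in detect_spray(parse(SAMPLE_EVENTS)).items():
        print(f"possible spray from {source}: {', '.join(accounts)}")
```

One user mistyping a password twice (10.0.0.21) and two unrelated failures hours apart (10.0.0.40) stay below the threshold; only the host that fails against four accounts in seconds is reported.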
👍
let's hack the youtube algorithm
Is it just me or is the audio slightly ahead of the video in this?
Hey john it looks cool but not very practical. Usually after 5 failed attempts the account gets locked out. Spamming password till you hit something will just lock users out of their systems
It seems that by default, group policy sets the account lockout mechanism to "Not configured". A sysadmin will need to change the group policy manually to set a rate limit so you might find yourself lucky. Alternatively, you could try password spraying across all users instead of 1. I.e. instead of trying 5000 passwords on 1 account, try the 4 most common passwords across 5000 accounts (assuming your client organisation is a large enough entity). If they are a small enterprise you're really just more likely that the default is set!
its porketta btw, not porscietta
that shit never worked on virtualbox in windows i tried like 12 times at least and then i would try to boot to the OS but the grub menu never popped up and it never booted to the login screen
i done it on vbox, it works
Password files is colors red
I unsubscribed and don't even use lookout security I been in UA-cam the whole time
Add Arabic translation
Learn english
Oeleh
Donnelle Raeburn they have a free trial version
Regarding the OSINT (LinkedIn stuff) I do have a script that uses Selenium to scrape the LinkedIn users and generate an email list if anyone is interested.
definitely, send it my way if you can