Group Policy Preference Password finder.
#1
So browsing the intertubes I came across a neat tool for extracting GP3 passwords from Windows hosts.

http://grimhacker.com/2015/04/10/gp3find...rd-finder/

When I read the included article I saw they provided a compiled binary for Windows platforms as well. Which got me thinking: why would anyone download an exe file instead of just using the source, even on Windows, considering it's a Python program? Then I thought, wouldn't it be neat if I downloaded the source and added a few changes using one of the many HTTP libs Python has, so that all passwords found would be automatically posted to what would essentially be a simple C&C server (common C&C opsec methods could be employed, like DNS fast flux). PyCrypto is used in the original program as well, so obfuscating traffic over HTTP would be as easy as leveraging the crypto lib for that purpose.

What's more, the Python implementation of this program has the ability to retrieve the passwords remotely, from what I understand. In that case it would be trivial to employ some checks to see if password retrieval was successful for any given host, upon which the host plus passwords would be sent to your C&C.

Essentially it would be a very efficient way to harvest passwords if enough people download and use the adapted version of the program, once you compile it and pretend it's the original one.
#2
Interesting find and interesting idea. I suppose the problem is spreading this new modified version to many people while appearing legitimate. Maybe like the linuxmint website hack? Actually get into the official site where the file is hosted and replace the legitimate copy with the modified version.
#3
(06-02-2016, 01:05 PM)Insider Wrote: Interesting find and interesting idea. I suppose the problem is spreading this new modified version to many people while appearing legitimate. Maybe like the linuxmint website hack? Actually get into the official site where the file is hosted and replace the legitimate copy with the modified version.

That's what I thought. But considering the guy who is hosting the website is a hacker himself, actually replacing his link/file with a malicious one would probably be challenging. But I do love a good challenge, in any event. It's something to think about.
#4
(06-02-2016, 08:47 PM)Vector Wrote: That's what I thought. But considering the guy who is hosting the website is a hacker himself, actually replacing his link/file with a malicious one would probably be challenging. But I do love a good challenge, in any event. It's something to think about.

I just got another weird idea of how one could achieve it. Create a blog very similar to the author's, use an older domain, and manipulate the database in WordPress or whatever CMS is being used so the timestamp shows an earlier post date than the original author's. Maybe you could fool a few people. Spread it around, maybe even get it featured by other blogs and sites. Or even impersonate the author to spread said modified version on forums by linking to the fake blog.

It might not work forever, but maybe for a limited time.
#5
(06-06-2016, 06:19 PM)Insider Wrote:
(06-02-2016, 08:47 PM)Vector Wrote: That's what I thought. But considering the guy who is hosting the website is a hacker himself, actually replacing his link/file with a malicious one would probably be challenging. But I do love a good challenge, in any event. It's something to think about.

I just got another weird idea of how one could achieve it. Create a blog very similar to the author's, use an older domain, and manipulate the database in WordPress or whatever CMS is being used so the timestamp shows an earlier post date than the original author's. Maybe you could fool a few people. Spread it around, maybe even get it featured by other blogs and sites. Or even impersonate the author to spread said modified version on forums by linking to the fake blog.

It might not work forever, but maybe for a limited time.

Right, I imagine that would work as well if properly executed. We should organize something like this; wouldn't that be fun? I think if the good people of GreySec pooled their resources and skill sets we could achieve some great things. It would certainly seem we have the talent amongst ourselves.