Lessons from the Hookers.nl breach: cracking 57% of the passwords in three days

Dutch website Hookers.nl — used by prostitutes, escorts and their customers — had been hacked. The site’s user database was stolen and is actively being traded in the underground, where it is sold for about 2 Euros. The dump contains data of — among others — employees of Dutch governmental institutions like the department of defense, foreign affairs and law enforcement. Since the data is now within virtually anyone’s reach, we expect scams to blackmail users soon.

Hookers.nl publicly stated that passwords were not stolen. Strictly speaking this is true: the database does not contain plain text passwords but hashed passwords. Scattered Secrets was able to crack 57% of the password hashes in three days. This is our story.

2024-02-17T10:58:34+00:00 | October 31, 2019 | Article, English, Dutch

How to crack billions of passwords?

All kinds of online services get hacked. This includes services that you might be using. Scattered Secrets is a password breach notification and prevention service. We continuously collect publicly available hacked databases and try to crack the corresponding passwords. Verified account owners can access their own information and take appropriate action to keep their accounts safe and prevent account takeovers. At the time of writing, our database includes nearly four billion — yes, that is with a B — plaintext passwords. Users occasionally ask us how we can crack passwords on such a large scale. To answer this, first we need to look at the basics.

2024-02-17T11:04:28+00:00 | September 19, 2019 | Article, English, Dutch

My password is Qtne,lsm

My password is Qtne,lsm. Now don't all grab your smartphones at once to break into my accounts. That wouldn't work anyway. Because I should have been a bit more precise: my password was Qtne,lsm. Why am I shouting that from the rooftops?

2024-02-17T06:32:39+00:00 | June 6, 2019 | Article, Dutch

Abusing Exchange: One API call away from Domain Admin

In most organisations using Active Directory and Exchange, Exchange servers have such high privileges that being an Administrator on an Exchange server is enough to escalate to Domain Admin. Recently I came across a blog from the ZDI, in which they detail a way to let Exchange authenticate to attackers using NTLM over HTTP. This can be combined with an NTLM relay attack to escalate from any user with a mailbox to Domain Admin in probably 90% of the organisations I’ve seen that use Exchange. This attack is possible by default and while no patches are available at the point of writing, there are mitigations that can be applied to prevent this privilege escalation. This blog details the attack, some of the more technical details and mitigations, as well as releasing a proof-of-concept tool for this attack which I’ve dubbed “PrivExchange”.

2024-02-17T12:07:27+00:00 | February 7, 2019 | Article, English, Dutch

Password database of MediaMarkt leaks again

On January 2, 2018 I visited MediaMarkt in Leidsche Rein The Wall. MediaMarkt is a well-known electronics shop franchise in The Netherlands with 45 stores. I was in need of a new phone as my current one was now over two years old and my subscription ended. They had the Samsung Note I was looking for, so I came there to get it.

The sales guy from the telecom department happily greeted me and started a conversation. He wanted to check out my phone subscription to see if he could get a nice discount for me. Sure!

2024-02-17T13:02:06+00:00 | February 1, 2018 | Article, English, Dutch