It took me some time to get used to calling Jamie by the name “Katy,” but it is coming

Single factor authentication often the larger the target the quicker the compromise.

Find a page were login credentials are requested.

1. search-engine-manipulation (to find login pages and usernames)

http://www.myexploit.wordpress.com/information-gathering-search-engine-manipulation/

using a companies name google search  to try and discover there e-mail structure as this is commonly used as a username. i.e search @compnies-choosen-name.com  (the .com can be replaced by any country in scope parameter .jp, .fr so on)
The results should show users internal email address  i.e mark.exsample@compnies-choosen-name.com

username = mark.exsample or mark.exsample@compnies-choosen-name.com

(50% of authentication complete)

After this search again using the found users e-mail address mark.exsample@compnies-choosen-name.com and look for any social network accounts and any other information. Befriending is common try and learn there partners names, dob, pets names.

2. cupp-common-user-passwords-profiler

http://www.myexploit.wordpress.com/information-gathering-cupp-common-user-passwords-profiler/

Create the password file using this found information.

3.  http://www.myexploit.wordpress.com/control-medusa-passwords/

(100% of authentication complete)

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s