- Trevorspray to gain access to email
- Try to find VPN company? Passwords? What information can we find from access?
- He took SS of finance docs (lol)
- AZURE PORTAL!!
- portal.azure.com
- Login with the user you found
- You will likely dump the whole access list
- Gives you valid/known users
- He sprayed the password he was able to figure out from DeHashed hash
- Found someone from IT
- Searched his hash and found 500 results
- Started digging into other people with that hash to find the common password
- After figuring it out and realizing that it might be reused for people until they change their passwords, he did e on the Azure Portal users
- Got access to 10 accounts out of 413 accounts.
- Tested the 10 to find which reused the same password for the VPN
- One of them did, giving him access.
- Got on the VPN and used the credentials that worked from his computer
- Also found logins and passwords spreadsheet (crazy bro)
Enumeration back and forth
Credential stuffing for login portals from breached passwords (DeHased)
login to older server that they were decommissioning (maybe happens again idk bro)
It had exploit and he dumped it
Dumped the users and their passwords
Credential stuff on the new server
Didn’t work but made a list that he could spray Summer2018! on