H3-2022-0093
Weak or Default Credentials - Cracked Credentials from Active Directory Services Database (NTDS)
Category | CREDENTIALS
Base Score | 8.0
Description
After obtaining domain administrator access, NodeZero dumped the NTLM password hashes of every domain user from the Active Directory database (NTDS.dit) on a domain controller and attempted to crack them offline. At least one hash belonging to an active (enabled) domain user account was cracked.
Impact
A cracked hash gives the attacker the account's cleartext password. Accounts whose hashes were cracked are therefore ones an attacker is likely to compromise through password spraying, credential reuse against services that require a cleartext password (VPNs, web portals, cloud logins), man-in-the-middle attacks, and other means. Once an account is compromised, an attacker can move through the environment and access data with the privileges of that account.

NT hashes are unsalted (MD4 over the UTF-16LE password), so offline cracking is fast on GPU hardware and every account that shares a password shares the same hash. Hashes that were not cracked are still usable in pass-the-hash attacks against services that accept NTLM authentication, so the cracked list is a lower bound on the exposure.

NodeZero cracks hashes using a variety of methods:

- Empty password
- Based on username
- Credential stuffing (the password is an exact match with a known breached password for this username)
- Credential tweaking (the user's password is a simple mutation of a known breached password for this username)
- Based on contextual term (the user's password is based on a well-known company term)
- Exact match of known breached password
- Based on common breach term for your company

View the proof for a summary report.
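The following script is an added example, not NodeZero's code, showing how a defender can run the same seven checks offline against an NTDS extract. It implements MD4 itself (hashlib lacks md4 on many OpenSSL 3 builds), computes NT hashes, and walks the methods in the order the finding lists them, reporting the first method that reproduces each hash. The dump lines, company terms, breach data and the mangling rules in `mutations()` are constructed assumptions for the demo; a real run would read secretsdump or pwdump output and a breach feed.

```python
"""Audit an NTDS dump offline against the weak-password checks listed above (constructed demo)."""
import re
import struct

MASK = 0xFFFFFFFF

def _md4(data: bytes) -> bytes:
    """Pure-Python MD4 (RFC 1320); hashlib.md4 is absent on many OpenSSL 3 builds."""
    msg = bytearray(data) + b"\x80"
    msg += b"\x00" * ((56 - len(msg) % 64) % 64) + struct.pack("<Q", len(data) * 8)
    a, b, c, d = 0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476
    rounds = (  # (boolean function, message-word order, shift schedule, round constant)
        (lambda x, y, z: (x & y) | (~x & z), range(16), (3, 7, 11, 19), 0),
        (lambda x, y, z: (x & y) | (x & z) | (y & z),
         [(i % 4) * 4 + i // 4 for i in range(16)], (3, 5, 9, 13), 0x5A827999),
        (lambda x, y, z: x ^ y ^ z,
         (0, 8, 4, 12, 2, 10, 6, 14, 1, 9, 5, 13, 3, 11, 7, 15), (3, 9, 11, 15), 0x6ED9EBA1),
    )
    for off in range(0, len(msg), 64):
        x = struct.unpack("<16I", msg[off:off + 64])
        aa, bb, cc, dd = a, b, c, d
        for fn, order, shifts, k in rounds:
            for i, idx in enumerate(order):
                t = (a + fn(b, c, d) + x[idx] + k) & MASK
                s = shifts[i % 4]
                a, b, c, d = d, ((t << s) | (t >> (32 - s))) & MASK, b, c
        a, b, c, d = (a + aa) & MASK, (b + bb) & MASK, (c + cc) & MASK, (d + dd) & MASK
    return struct.pack("<4I", a, b, c, d)

def nt_hash(password: str) -> str:
    """NT hash = MD4(UTF-16LE(password)). No salt, so equal passwords give equal hashes."""
    return _md4(password.encode("utf-16-le")).hex()

# Constructed context data (assumptions for the demo, not real breach feeds).
COMPANY_TERMS = ["Acme"]                                   # well-known company terms
BREACHED_BY_USER = {"jdoe": ["Summer2021!"], "asmith": ["iloveyou"]}  # breached, per username
COMMON_BREACHED = ["123456", "password", "qwerty"]         # generic breached passwords
COMPANY_BREACH_TERMS = ["acmerocks"]                       # terms common in this company's breaches
SUFFIXES = ("", "1", "!", "123", "2022", "2022!")

def mutations(base: str):
    """Small mangling rule set: case changes, common suffixes, and a +1 bump of a 4-digit year."""
    bumped = re.sub(r"\d{4}", lambda m: str(int(m.group()) + 1), base, count=1)
    seen = set()
    for stem in (base, base.lower(), base.capitalize(), base.upper(), bumped):
        for suffix in SUFFIXES:
            if stem + suffix not in seen:
                seen.add(stem + suffix)
                yield stem + suffix

def candidates(user: str):
    """Yield (method, guess) in the order the finding lists the methods; the first hit is reported."""
    own = BREACHED_BY_USER.get(user, [])
    yield "Empty password", ""
    yield from (("Based on username", g) for g in mutations(user))
    yield from (("Credential stuffing", p) for p in own)
    yield from (("Credential tweaking", g) for p in own for g in mutations(p))
    yield from (("Based on contextual term", g) for t in COMPANY_TERMS for g in mutations(t))
    yield from (("Exact match of known breached password", p) for p in COMMON_BREACHED)
    yield from (("Based on common breach term", g) for t in COMPANY_BREACH_TERMS for g in mutations(t))

def parse_ntds(lines):
    """Parse secretsdump/pwdump-style lines: [DOMAIN\\]user:rid:lmhash:nthash:::"""
    rows = []
    for line in lines:
        parts = line.strip().split(":")
        if len(parts) >= 4:
            rows.append((parts[0].split("\\")[-1], parts[3].lower()))
    return rows

def crack(lines):
    """Return {user: (method, password)} for every hash some candidate reproduces."""
    found = {}
    for user, nt in parse_ntds(lines):
        for method, guess in candidates(user):
            if nt_hash(guess) == nt:
                found[user] = (method, guess)
                break
    return found

# Constructed NTDS extract. The LM field is the "no LM hash" constant; apart from the two
# well-known NT values (empty password, "password") the hashes are generated with nt_hash().
NO_LM = "aad3b435b51404eeaad3b435b51404ee"
SAMPLE_DUMP = [f"ACME\\{u}:{rid}:{NO_LM}:{h}:::" for u, rid, h in [
    ("guest", 501, "31d6cfe0d16ae931b73c59d7e0c089c0"),
    ("bkim", 1108, "8846f7eaee8fb117ad06bdd830b7586c"),
    ("svc_backup", 1105, nt_hash("Svc_backup1")),
    ("jdoe", 1110, nt_hash("Summer2022!")),
    ("asmith", 1111, nt_hash("iloveyou")),
    ("tlee", 1112, nt_hash("Acme2022!")),
    ("rpatel", 1113, nt_hash("Acmerocks!")),
    ("cwong", 1114, nt_hash("correct horse battery staple")),
]]

if __name__ == "__main__":
    for user, (method, pw) in crack(SAMPLE_DUMP).items():
        print(f"{user:<12} {method:<40} {pw}")
```

Method order matters: `mutations()` yields the unmodified base first, so "Credential stuffing" is checked before "Credential tweaking" to keep the labels meaningful. Because NT hashes are unsalted, the same reverse lookup also exposes password sharing: any two users with identical hashes share a password, whether or not either was cracked.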