No word lists or brute forcing etc required as others have said, but you wonāt just find it written down somewhere.
If you want to narrow down the usernames you should be trying obvious passwords with, you could try looking at which users have actually ever logged on. Thereās an attribute on user accounts that tells you the date/time a user last logged on. Integrate that into your base L*** query and it narrows it down to just 3 user accounts.
One final tip: I actually guessed the right password straight away, but was just trying to log in to the wrong service/port. So yeah, remember there are other things to try credentials against.
I hate that this is purely a guessing game. I have tried all the realistic bad passwords I can think of. I feel as though it should be disclosed somewhere or have a technical means of finding itā¦
yes Iām just frustratedā¦ Also VbScrub gave a good tip to reduce timeā¦ but Iām still stuck on āguessingā a password.
EDIT: GOT Userā¦ always check syntax!!! Thank you to those that assisted kicking me in my brain!
I hate that this is purely a guessing game. I have tried all the realistic bad passwords I can think of. I feel as though it should be disclosed somewhere or have a technical means of finding itā¦
yes Iām just frustratedā¦ Also VbScrub gave a good tip to reduce timeā¦ but Iām still stuck on āguessingā a password.
I was frustrated too but honestly once you get it, you realise it was not unfair to expect people to guess this. Also like I said, I actually got the correct password early on but was just trying it in the wrong place, so I thought I still had it wrong.
People saying that you donāt need word lists is actually quite a big tip. What password could an account have that would not be on a common word list but still be easy to guess?
I hate that this is purely a guessing game. I have tried all the realistic bad passwords I can think of. I feel as though it should be disclosed somewhere or have a technical means of finding itā¦
yes Iām just frustratedā¦ Also VbScrub gave a good tip to reduce timeā¦ but Iām still stuck on āguessingā a password.
I was frustrated too but honestly once you get it, you realise it was not unfair to expect people to guess this. Also like I said, I actually got the correct password early on but was just trying it in the wrong place, so I thought I still had it wrong.
People saying that you donāt need word lists is actually quite a big tip. What password could an account have that would not be on a common word list but still be easy to guess?
Yea my problem was synatx so to speak. I was checking the right password, but not against a user the system understood, if that makes sense.
for anyone stuck on getting user, the OWASP methodology link for discovering potential bad practices when admins/devs create a new account that @th3y posted is a great hint
guys, when try to connect via smbclient or rccln with found credits itās ok and they are valid
but when i try to connect via w*m it says that AuthorizationError. can someone tell me what the problem is?
guys, when try to connect via smbclient or rccln with found credits itās ok and they are valid
but when i try to connect via w*m it says that AuthorizationError. can someone tell me what the problem is?
guys, when try to connect via smbclient or rccln with found credits itās ok and they are valid
but when i try to connect via w*m it says that AuthorizationError. can someone tell me what the problem is?
Its exactly what the error message is telling you. You donāt have permission to access that service with those credentials. Look around the SMB shares with your first set of credentials and see what you can find
a nudge would be appreciated.