There is no way that you keyboard danced for 12 seconds and completed a nmap scan, identified an unpatched target with a remote code execution bug, delivered the payload, pivoted to an account with the permissions you needed, and found the server running the internal application you are looking for.
“Oh I figured out the default passwords and naming conventions for new employees awhile ago.”
Funnily enough I got my college to change password policies because for a report for one of my classes I wrote about how stupid it was that all new users passwords were First intial + last initial + last four of social security number, with usernames being firstname + lastname + year. Since they had no max number of attempts on logins, and didn’t prompt you to change password on logging in, it took a few minutes to get into anyone’s account once you knew their name. (That school was very incompetent, and they are closed now)
OR
“Give me 20 minutes, I’m on hold with IT. They’ll reset the password and tell me it if I give them an employee ID, dob, and name. Which I see clearly on this guys facebook picture where he has his badge visibile.”
Or a hacking guy trying to brute force for days. Then the “no nonsense” guy goes out for 20 minutes, and comes back with it and refused to answer questions. Oh wait… that’s just XKCD.
Hacking.
There is no way that you keyboard danced for 12 seconds and completed a nmap scan, identified an unpatched target with a remote code execution bug, delivered the payload, pivoted to an account with the permissions you needed, and found the server running the internal application you are looking for.
telnet 127.0.0.1
I’m in!
Ah legacy systems.
All the young kids use ::1
Only Mr Robot
It’s really simple, you just search the evil corporation’s hard drive for a file named
EVIDENCE.txtRealistic hacking scenes would be funny.
“Okay I’m in”
“Wait… how?”
“Oh I figured out the default passwords and naming conventions for new employees awhile ago.”
Funnily enough I got my college to change password policies because for a report for one of my classes I wrote about how stupid it was that all new users passwords were First intial + last initial + last four of social security number, with usernames being firstname + lastname + year. Since they had no max number of attempts on logins, and didn’t prompt you to change password on logging in, it took a few minutes to get into anyone’s account once you knew their name. (That school was very incompetent, and they are closed now)
OR
“Give me 20 minutes, I’m on hold with IT. They’ll reset the password and tell me it if I give them an employee ID, dob, and name. Which I see clearly on this guys facebook picture where he has his badge visibile.”
Or a hacking guy trying to brute force for days. Then the “no nonsense” guy goes out for 20 minutes, and comes back with it and refused to answer questions. Oh wait… that’s just XKCD.