1
00:00:02,100 --> 00:00:07,460
So in this year, we're going to search for plaintext credentials are incorrect credentials enough?

2
00:00:08,220 --> 00:00:10,930
So first, explain the what is on the file.

3
00:00:11,250 --> 00:00:22,410
So this answer will be, uh, like contains the scripts that you can run whenever you are not able to

4
00:00:22,410 --> 00:00:23,200
operate the computer.

5
00:00:23,770 --> 00:00:27,690
In like you want to run the script.

6
00:00:27,690 --> 00:00:31,250
And then you can write the script and answer it.

7
00:00:31,260 --> 00:00:36,210
And you can put that script in the terms of the Windows operating system and search for that answer

8
00:00:36,330 --> 00:00:37,380
and execute this group.

9
00:00:37,860 --> 00:00:40,290
So this is the basics of this answer.

10
00:00:40,710 --> 00:00:45,540
And there is one important concept, this answer that is OneTel files.

11
00:00:45,810 --> 00:00:52,080
So these are written files are submitted to answer first, but these are available during the Windows

12
00:00:52,080 --> 00:00:53,700
Up installation.

13
00:00:53,880 --> 00:00:55,500
So there will be a Windows image.

14
00:00:55,680 --> 00:01:02,040
If you want to customize your Windows image like windows, I guess what you want to add your own language,

15
00:01:02,040 --> 00:01:06,020
like your own local language and you want to add some other software.

16
00:01:06,360 --> 00:01:12,070
And these are the interface will run after the creation of the first user.

17
00:01:12,270 --> 00:01:18,140
So you have set up your windows and then it will ask for the user password and you feel free to enter.

18
00:01:19,440 --> 00:01:24,000
Then these annotations will execute with some credentials.

19
00:01:24,330 --> 00:01:30,210
It means tells it to have some permissions and it will run the script and it will install some software.

20
00:01:30,240 --> 00:01:32,370
So this is the purpose of unattended files.

21
00:01:32,730 --> 00:01:36,910
These are used for customizing edition of the Windows installation.

22
00:01:38,400 --> 00:01:42,630
So you need to restart every software on all the systems.

23
00:01:42,870 --> 00:01:48,240
We can simply throw this on the first and it will install this software.

24
00:01:50,100 --> 00:01:53,270
So with this already in place, you can have some print.

25
00:01:53,280 --> 00:01:54,760
Experiences are incorrect.

26
00:01:54,780 --> 00:02:02,730
And just because some services are software require the permission of higher priorities like those things

27
00:02:04,050 --> 00:02:07,750
you did here were used to install the software on this software.

28
00:02:08,040 --> 00:02:13,040
We can also give that service to you on the system.

29
00:02:13,050 --> 00:02:15,560
So that is all for the first degree.

30
00:02:16,110 --> 00:02:25,290
So you can you may contain the plain text message encoded, congesting that's based on your computer.

31
00:02:26,820 --> 00:02:28,740
So in my computer, it does not help.

32
00:02:29,550 --> 00:02:36,160
Uh, so let's go ahead and find this coming in an end.

33
00:02:36,370 --> 00:02:37,830
And, uh.

34
00:02:38,550 --> 00:02:43,740
So these are the unwritten first content, the formats like XML, text file, etc..

35
00:02:44,130 --> 00:02:49,400
So Slasher's for Cassill such as.

36
00:02:51,820 --> 00:02:57,010
Alright, let's go ahead and go to the rubber tree and then perform this operation.

37
00:02:58,660 --> 00:03:03,130
So meanwhile, I'm going to tell you everything that is the first.

38
00:03:03,370 --> 00:03:10,090
So this cease fires are used for preparing the system, uh, services.

39
00:03:11,330 --> 00:03:13,860
You can see we have got the idea to not.

40
00:03:14,120 --> 00:03:18,700
Well, let's go to this territory and check whether we have any credentials are not.

41
00:03:23,630 --> 00:03:32,620
And program 636, and we are where we are, workstation resources, and you can see the text file,

42
00:03:33,590 --> 00:03:43,520
so it says some partition and undetermined full unattended admin password star and the purpose not.

43
00:03:45,580 --> 00:03:46,790
Working for them.

44
00:03:48,460 --> 00:03:55,170
So these you can see the bird king for dinner and will be Oscar when the Windows installation.

45
00:03:58,660 --> 00:04:05,420
So the dosage will be 800 by 680, so so we do not have any credentials.

46
00:04:05,430 --> 00:04:12,890
So this is the resources of this maybe Windows washer machine, uh, currency.

47
00:04:12,960 --> 00:04:13,360
Sure.

48
00:04:14,380 --> 00:04:19,840
So let me stop this so you cannot see the contents of this bill first.

49
00:04:20,620 --> 00:04:23,080
So you can also set, for example, for us.

50
00:04:24,740 --> 00:04:30,580
So another thing is that it does disprove first, so these are also similar to Unidan first, this may

51
00:04:30,620 --> 00:04:41,180
contain some, uh, important information since it's a large star such as.

52
00:04:45,200 --> 00:04:52,730
So meanwhile, so let's go to the three and this one will open another common problem and we'll look

53
00:04:52,730 --> 00:04:56,720
for extras and some extras and configuration files.

54
00:04:57,800 --> 00:05:01,490
So we will look for the string that his password.

55
00:05:01,500 --> 00:05:05,770
So if any file has the string password, then it will be displayed.

56
00:05:05,960 --> 00:05:08,270
So to do that, we need to find Ishtiaq.

57
00:05:08,570 --> 00:05:08,840
So.

58
00:05:09,410 --> 00:05:13,690
This is similar to Bill, but it will support the experience.

59
00:05:13,840 --> 00:05:15,430
Of course, they're there.

60
00:05:15,620 --> 00:05:21,980
They're coming also support regular experience, but it is only to display the file, but it does not

61
00:05:21,980 --> 00:05:24,860
search inside the inside the content of the file.

62
00:05:26,240 --> 00:05:29,990
So we have finished here and password.

63
00:05:31,580 --> 00:05:32,030
So.

64
00:05:35,740 --> 00:05:37,960
So let's find the,

65
00:05:40,870 --> 00:05:49,720
um, slash, as I said, actually very good as soon as I use for ignore case so that it will be anything

66
00:05:49,890 --> 00:05:54,010
that'll be a small fee, it will be case insensitive password.

67
00:05:54,250 --> 00:05:58,050
And let's just start out and start that again.

68
00:05:58,720 --> 00:06:02,530
These are the configuration of files.

69
00:06:03,860 --> 00:06:09,090
And you can see we have got this is this is not easy.

70
00:06:10,090 --> 00:06:11,020
We can.

71
00:06:11,390 --> 00:06:12,140
Yeah.

72
00:06:12,400 --> 00:06:13,980
So we got all of the X Files.

73
00:06:13,990 --> 00:06:18,370
We do not have any, uh, experts or any configuration files.

74
00:06:18,850 --> 00:06:24,790
So this may be the bad for us, but it's worth noting checking this system files.

75
00:06:26,810 --> 00:06:32,870
So here we got a lot of information you can see are the first order containing the password and also

76
00:06:32,870 --> 00:06:34,730
the line that contained the password.

77
00:06:37,620 --> 00:06:40,470
We can see this visit the OR.

78
00:06:42,310 --> 00:06:50,810
And so it takes so much time for taking these passwords, if there is any way that containing the password

79
00:06:50,810 --> 00:06:56,170
like password is Nikil, et cetera, like that, then it will be desperate.

80
00:07:02,560 --> 00:07:05,830
So, OK, let me run this program in the background.

81
00:07:05,980 --> 00:07:07,440
Let's open this now.

82
00:07:07,450 --> 00:07:16,030
We can also query the registry and the content, some configuration data like how much screen Highton

83
00:07:16,030 --> 00:07:21,210
with the pregnancy to start and which one should use and which character dos, etc., etc..

84
00:07:22,870 --> 00:07:29,220
So I have this cheat sheet because I can't remember this, but it's of course no one can do this, but

85
00:07:29,230 --> 00:07:33,180
you can just create the cheat sheet of this registry.

86
00:07:33,220 --> 00:07:35,490
Ladies first.

87
00:07:35,530 --> 00:07:43,020
If there is A, B and C, and we can, uh, query further printing faster if the password is stored

88
00:07:43,030 --> 00:07:43,480
in this.

89
00:07:44,080 --> 00:07:46,670
Uh uh, this is tricky.

90
00:07:47,110 --> 00:07:50,210
So let's go ahead and take this one and hit enter.

91
00:07:51,820 --> 00:07:56,350
So we do not have been we should say we got this issue was unable to find the key.

92
00:07:57,340 --> 00:08:00,120
So now let's do this with rather.

93
00:08:14,200 --> 00:08:19,690
So we have got a bunch of information, we don't know if there are any plaintext passwords we can see

94
00:08:19,690 --> 00:08:20,020
here.

95
00:08:23,110 --> 00:08:29,930
So we got only the username and Assadi and we do not get the, uh, plaintext password.

96
00:08:31,570 --> 00:08:33,810
So this is just a private matter.

97
00:08:33,820 --> 00:08:42,630
You need to try if they if the computers are old, like Windows XP and 2010, chances are somewhat of

98
00:08:42,760 --> 00:08:45,170
a to certain parameters.

99
00:08:45,190 --> 00:08:50,870
I don't think I have a system in a machine or it's just created this one.

100
00:08:50,890 --> 00:08:52,780
So we do not find this really should go.

101
00:08:53,410 --> 00:08:54,820
Now, another important thing is.

102
00:08:55,120 --> 00:09:03,280
But Sessions so I have this party installed before I can see here and I have some storage sessions.

103
00:09:06,690 --> 00:09:08,010
So these are the keys.

104
00:09:08,250 --> 00:09:17,610
So let's go ahead to this story, so let's go ahead and copy this and let's see.

105
00:09:17,640 --> 00:09:23,790
So this is still running, so let's go ahead and they will just press out and take the radio.

106
00:09:25,260 --> 00:09:26,530
So this is a shelter.

107
00:09:26,560 --> 00:09:28,400
I'm just showing you the details.

108
00:09:30,430 --> 00:09:31,390
And the part.

109
00:09:34,310 --> 00:09:43,720
So these are the properties are this party application, you can see how much a bold font, color,

110
00:09:43,730 --> 00:09:47,890
height, burkas, etc. So one important thing is proxy settings.

111
00:09:48,710 --> 00:09:57,550
So if you have the proxy settings enabled here, then you will see the plain text of proxy without opening

112
00:09:57,560 --> 00:09:57,780
this.

113
00:09:57,790 --> 00:10:02,600
But the application can see here the proxy localhost.

114
00:10:05,220 --> 00:10:12,210
So here we do not have any value because I do not have a proxy at all, so you can also see the proxy

115
00:10:12,210 --> 00:10:16,370
password here and proxy proxy username.

116
00:10:16,620 --> 00:10:27,450
So the proxy username and password password, can we use it for this proxy so you can also get the proxy

117
00:10:27,960 --> 00:10:35,640
and also displayed information so you can basically take all these properties.

118
00:10:38,130 --> 00:10:42,560
So you can I do not have the proxy that's there is there are no worries at all.

119
00:10:42,570 --> 00:10:50,290
If any organization have the proxy and undercharging or party, then you have these values of up.

120
00:10:50,370 --> 00:10:51,350
You can see the character.

121
00:10:52,380 --> 00:10:53,430
She's the tenant command.

122
00:10:56,570 --> 00:11:01,100
So this is the main important thing, you can see the proxy information in the plain text

123
00:11:03,770 --> 00:11:11,720
by using this registry so you can also search for any plaintext passwords stored in the registry.

124
00:11:12,230 --> 00:11:16,370
Now, let's clear the screen with this one.

125
00:11:19,340 --> 00:11:28,580
We are getting not only the names with the password in it, so still it's not it's running here.

126
00:11:36,330 --> 00:11:45,150
So it's asking for a commission and a guarantee that this is for this federal commission and this is

127
00:11:45,150 --> 00:11:46,440
for current users.

128
00:11:48,240 --> 00:11:51,920
So I'm going to stop this now and also try this next one.

129
00:11:53,430 --> 00:11:57,000
And we get to the things that are with the password in it.

130
00:11:59,310 --> 00:12:07,080
So we have lots of those messages and we have the set of Papasso pictures of.

131
00:12:08,110 --> 00:12:15,610
I do not have that I can see here the proxy password we have seen in the party sessions registry, so

132
00:12:15,610 --> 00:12:17,260
we have got this proxy password.

133
00:12:21,170 --> 00:12:29,870
So I think these are the basics, uh, not really the basics, you can find some juicy information credentials

134
00:12:29,870 --> 00:12:30,610
from this comment.

135
00:12:30,620 --> 00:12:36,230
So we see the other come and finish their comment to find the password in our first.

136
00:12:36,530 --> 00:12:43,130
Alderney exemplifies our confusion first, and we'll also call it the registry for any information.

137
00:12:44,330 --> 00:12:52,130
So most of the computers have the party because they're connected to some domain domain controller then.

138
00:12:53,360 --> 00:13:00,200
Now they obviously need to log in the system from further what is required.

139
00:13:02,400 --> 00:13:08,740
Uh, you can get the proxy information if there is any proxy in the plaintext was in plain text format.

140
00:13:09,300 --> 00:13:10,400
So that's how far this year.

141
00:13:10,410 --> 00:13:11,490
I hope you understood.

142
00:13:11,720 --> 00:13:21,080
So even though we might not how we know we did not get any plaintext or incorrect passwords, but sometimes

143
00:13:21,080 --> 00:13:27,380
in these of some files contain the password as a backup.